CN1127835C - Key management between a cable telephony adapter and an associated signaling controller - Google Patents


Info

Publication number: CN1127835C
Authority: CN (China)
Application number: CN00806089A
Other languages: English (en)
Other versions: CN1346563A (zh)
Inventor: S. Medvinsky
Current assignees: General Equipment Holdings Ltd; Motorola Mobility LLC
Original assignee: General Instrument Corp
Legal status: Expired - Lifetime
Prior art keywords: key, server, sub, request, endpoint
Application filed by General Instrument Corp; publication of CN1346563A; application granted; publication of CN1127835C; anticipated expiration (Expired - Lifetime)

Classifications

    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • H04L65/1101 Session protocols
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/12 Applying verification of the received information
    • H04L65/1043 Gateway controllers, e.g. media gateway control protocol [MGCP] controllers
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s), involving a central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these, involving Diffie-Hellman or related key agreement protocols
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • G06F12/1408 Protection against unauthorised use of memory or access to memory by using cryptography
    • G06F2207/7219 Countermeasures against side channel or fault attacks
    • G06F2211/008 Public Key, Asymmetric Key, Asymmetric Encryption
    • G06F2221/2129 Authenticate client device independently of the user

Abstract

A highly scalable key management architecture for a secure client-server system in an IP telephony network, in which cryptographic state need only be kept by the client. The architecture takes advantage of the existing key management protocol Kerberos together with its PKINIT (public key) extension to provide a highly scalable IP telephony system. When a secure connection is lost, the architecture provides a simple rekeying operation that lets the client quickly re-establish the lost connection or switch to a different server. The key management architecture includes a method for establishing a secure channel between an IP telephony endpoint and a server in an IP telephony network. The endpoint is coupled to a subscriber and the server is coupled to the IP telephony network. The method comprises the following steps: sending a request for a security ticket from the endpoint to a key distribution center; receiving the security ticket at the endpoint from the key distribution center; using the security ticket to send a request for a sub-key from the endpoint to the server; receiving the sub-key at the endpoint from the server; and establishing a secure channel between the endpoint and the server using the sub-key.

Description

Key Management Between a Cable Telephony Adapter and an Associated Signaling Controller
Cross-Reference to Related Applications
This application claims priority to co-pending U.S. provisional patent application No. 60/128,772, filed April 9, 1999, the disclosure of which is incorporated herein by reference in its entirety for all purposes.
Field of the Invention
The present invention relates generally to key management for client-server systems, and in particular to a scalable key management system for IP telephony networks.
Background
In an Internet Protocol (IP) telephony network, a network server may be responsible for setting up telephone calls with as many as 100,000 clients. A client may be coupled to the telephony network through a cable telephony adapter (CTA) device. To secure call signaling, an Internet security (IPSec) connection is established between each client and the server. This has to be done in a timely manner so that the CPU overhead on the server is minimized and call setup delay is kept as short as possible.
To handle a large number of clients, key management needs to be as fast as possible. For example, when a server degrades or becomes too busy to handle all of its clients, secure connections may be lost. A lost secure connection must be re-established when it is needed again. Manual management of clients is unsuitable because of its high cost and lack of scalability. Other techniques used in architectures unrelated to IP telephony are also unsuitable because they do not provide the required scalability and low management overhead.
Summary of the Invention
The present invention comprises a highly scalable key management architecture for a secure client-server system used in an IP telephony network, in which cryptographic state need only be kept by the client. The architecture takes advantage of the existing key management protocol Kerberos, combined with the PKINIT (public key) extension, to provide a highly scalable IP telephony system. In the case of a lost secure connection, the architecture provides a simple rekeying operation that allows the client to quickly re-establish the lost connection or switch to a different server.
In one embodiment of the invention, a method is provided for establishing a secure channel between an IP telephony endpoint and a server within an IP telephony network. The endpoint is coupled to a subscriber and the server is coupled to the IP telephony network. The method comprises the following steps: sending a request for a security ticket from the endpoint to a key distribution center; receiving the security ticket at the endpoint from the key distribution center; using the security ticket to send a request for a sub-key from the endpoint to the server; receiving the sub-key at the endpoint from the server; and establishing a secure channel between the endpoint and the server using the sub-key.
A further understanding of the nature and advantages of the invention may be gained from the remaining portions of the specification and the drawings.
Brief Description of the Drawings
Figure 1 shows a telephony network constructed according to the invention;
Figure 2 shows a message exchange diagram for establishing a secure communication channel according to the invention; and
Figure 3 shows a method of establishing a secure communication channel using the messages of Figure 2.
Best Mode for Carrying Out the Invention
Embodiments of the invention provide a secure channel between an IP telephony endpoint and a server within an IP telephony network. In the embodiments described here, a cable telephony adapter (CTA) device represents the IP telephony endpoint and a signaling controller (SC) represents the server. The invention is, however, applicable to other types of network endpoints and servers not discussed here.
Figure 1 shows a portion of a telephony network 100 constructed according to the invention. To access the telephony network, a CTA 102 provides access to a subscriber 104 via a hybrid fiber/coax (HFC) head-end 106. The HFC head-end 106 has capacity to provide access to other subscribers, as shown at 108. The HFC head-end is also coupled to a signaling controller (SC) 110 that is connected to the telephony network backbone 114. The signaling controller is used to control CTA access to the telephony network. A key distribution center (KDC) 112 is also coupled to the telephony network backbone 114. The KDC 112 issues Kerberos tickets, which are used to generate sub-keys for a secure connection protocol (for example the IPSec Encapsulating Security Payload (ESP) protocol) or for other secure connections. The network 100 also includes a customer service representative (CSR) center 116, a certificate authority (CA) 118 and a billing host 120. Thus, in the network 100, a subscriber 104 can access the telephony backbone 114 via the CTA 102 using a secure protocol.
Embodiments of the invention make use of the Kerberos protocol with the PKINIT public-key extension for key management. The protocol is based on Kerberos tickets encrypted with a particular server's key; these tickets are analogous to Web cookies. A Kerberos ticket is used to authenticate a client's identity to a server and to establish a session key contained within the ticket. Kerberos services can be accessed using the Generic Security Services Application Programming Interface (GSS-API) standard.
In one embodiment of the invention, the CTA obtains a signaling-controller ticket from the KDC using mutual authentication with public-key certificates. The corresponding session key is delivered to the CTA sealed with the CTA's public key or with a secret derived from a Diffie-Hellman exchange. The signaling-controller ticket is kept for a relatively long period of time, for example days or weeks. The length of this period can be adjusted to the performance requirements of the network. The signaling-controller ticket is further used to establish a symmetric session key, which in turn is used to establish a set of keys for use with IPSec ESP mode. The keys used by IPSec are not generated from the session key itself. Instead, for each telephone call another random key (the sub-key) is generated and then used to generate the IPSec keys. The signaling controller therefore does not need to keep state: after generating all the required keys from the sub-key and exchanging signaling messages with the CTA, the signaling controller can discard the ticket together with all related keys.
The use of the Kerberos protocol with the PKINIT extension in embodiments of the invention offers several advantages. For example, the signaling controller does not need to keep state; the Kerberos ticket need only be kept by the endpoints (the CTAs). Moreover, an IPSec secure connection can be torn down when it is no longer needed and, based on the Kerberos ticket, rebuilt quickly with efficient key management. The protocol runs over both TCP and UDP and is a widely used standard, with support for Kerberos and PKINIT available from multiple vendors.
In one embodiment, RSA is used within the PKINIT protocol for key delivery and authentication. In another embodiment, a PKINIT option may be used in which Diffie-Hellman is used for key exchange and RSA is used for authentication. Embodiments of the invention are generally suitable for use with any public-key algorithm for authentication and key exchange within PKINIT.
Figure 2 shows a message exchange diagram 200 of how the CTA uses Kerberos to obtain a sub-key, which is used to generate the IPSec ESP keys for CTA-signaling controller signaling messages. For clarity in describing the protocol, only part of the information carried in the messages is shown in the exchange diagram. The exchange diagram 200 shows the messages sent or received by the CTA 102 on line 220, by the KDC 112 on line 222 and by the signaling controller 110 on line 224.
Figure 3 shows a flowchart 300 of how the messages of Figure 2 are exchanged according to the invention.
At box 302, a PKINIT request is sent from the CTA 102 to the KDC 112, as shown at message 202. The request includes the CTA's signature and certificate, which the KDC uses to authenticate the CTA. The request also carries the current time, which the KDC uses to confirm that the message is not a replay or retransmission of an old message. The PKINIT request further contains a random value (called a nonce) that will be used to bind the subsequent PKINIT reply message to this request. If a Diffie-Hellman exchange is used, the CTA includes the Diffie-Hellman parameters and public value in the PKINIT request.
At box 304, the KDC 112 receives and verifies the PKINIT request and sends the CTA a signaling-controller ticket encrypted with the signaling controller's service key. Inside this encrypted ticket are a symmetric session key, a validity period and the CTA's identity. Also in this step, the ticket is returned to the CTA 102 inside a PKINIT reply, as shown at message 204. The PKINIT reply message also contains the KDC's certificate and signature, used to authenticate the KDC, together with the nonce from the PKINIT request to protect against replay. If a Diffie-Hellman exchange is used, the KDC also places its Diffie-Hellman public value in this message.
The PKINIT reply also contains a second copy of the session key and of the validity period found in the ticket, for the CTA to decrypt and use. This second copy of the session key and its related attributes is encrypted with the secret generated by Diffie-Hellman or enveloped with the CTA's public key. Here, enveloped means that the session key and related attributes are not encrypted directly with the CTA's public key: in the PKINIT reply the public key is used to encrypt a random symmetric key, which is used to encrypt another symmetric key, which is finally used to encrypt the session key and its attributes. Even though it seems possible to simplify the PKINIT reply in this case, this embodiment still follows the original PKINIT standard. If a Diffie-Hellman exchange is not used, the reply contains the message items shown at 226.
At box 306, an application (AP) request is sent from the CTA 102 to the signaling controller 110, as shown at message 206. Here the CTA has already obtained the signaling-controller ticket and now initiates key management by sending an AP request message to the signaling controller. The AP request contains the signaling-controller ticket together with the CTA name, a timestamp and a message hash, all encrypted with the SC session key. The timestamp is used to detect replays of old AP request messages.
At box 308, the signaling controller 110 receives the AP request. It first decrypts and validates the ticket with its service key. It then takes the session key out of the ticket and uses it to decrypt and validate the rest of the AP request. Next, the signaling controller generates a random sub-key and encrypts it, together with the current timestamp, under the session key. It places this information in an AP reply message 208 and sends it back to the CTA.
At box 310, the CTA receives and validates the AP reply, after which it shares the sub-key with the signaling controller. From this sub-key both sides independently generate (by means of some one-way function) a set of IPSec encryption and authentication keys. From then on, all signaling messages between the CTA and the signaling controller are protected by an IPSec channel. The establishment of this IPSec channel is shown at 210 in Figure 2, even though this step does not involve an exchange of messages.
In the embodiment of the invention shown in Figures 2 and 3, the PKINIT exchange is performed at relatively long intervals to obtain an intermediate symmetric session key. This session key is shared between the CTA and the signaling controller (by means of the signaling-controller ticket).
In this embodiment, the PKINIT request/reply messages shown at 202 and 204 are carried over a TCP/IP connection. This is because a single PKINIT request or reply message, which contains public-key and Diffie-Hellman information, may be too large to fit into a single UDP packet. Using TCP instead of UDP may have some performance impact, but since PKINIT exchanges occur infrequently (days or weeks apart) and are not closely tied to telephone calls, the performance impact is small.
The session key is used in the AP request and AP reply messages shown at 206 and 208, which are exchanged with each telephone call to establish a symmetric sub-key. The sub-key is used to generate all the IPSec ESP keys and initial sequence numbers for both directions. The AP request and AP reply messages are small enough to fit in a single UDP packet and therefore run over UDP.
The invention provides a highly scalable key management architecture for a secure client-server system used in an IP telephony network. Modifications of the methods and embodiments described above will be apparent to those skilled in the art without departing from the scope of the invention. The disclosure and description herein are therefore illustrative and not limiting, and the scope of the invention is defined by the following claims.
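The ticket-based exchange of boxes 302 through 310, modelled as an added Python example (not code from the patent or from General Instrument): a KDC that issues a signaling-controller ticket, a CTA that alone keeps the ticket and session key, and a signaling controller that validates the AP request by timestamp, returns a fresh random sub-key and then retains nothing. The HMAC-based encryption helper, the key-derivation labels, the clock-skew window and the sample names are this example's own assumptions, and the PKINIT public-key and Diffie-Hellman steps are left out.

```python
import hashlib
import hmac
import json
import os
import struct

# Toy authenticated encryption (HMAC-SHA256 keystream, encrypt-then-MAC) standing in for
# the Kerberos encryption type; an assumption of this example, not part of the patent.
def _keystream(key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def seal(key, obj):
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

CLOCK_SKEW = 300                  # seconds; an older timestamp is treated as a replay
TICKET_LIFETIME = 14 * 24 * 3600  # "days or weeks" in the description

def derive_ipsec_keys(subkey):
    # One-way derivation (box 310) of per-direction ESP encryption and authentication
    # keys from the per-call sub-key; the labels are this example's own choice.
    labels = ("cta_to_sc_enc", "cta_to_sc_auth", "sc_to_cta_enc", "sc_to_cta_auth")
    return {l: hmac.new(subkey, l.encode(), hashlib.sha256).digest() for l in labels}

class KDC:
    # Shares the signaling-controller service key only with the SC.
    def __init__(self, sc_service_key):
        self.sc_service_key = sc_service_key

    def issue_ticket(self, cname, now):
        # PKINIT certificate/signature checks and the public-key or Diffie-Hellman
        # envelope around the session-key copy are omitted: the key is returned directly.
        session_key = os.urandom(32)
        ticket = {"cname": cname, "session_key": session_key.hex(),
                  "issued": now, "lifetime": TICKET_LIFETIME}
        return seal(self.sc_service_key, ticket), session_key

class CTA:
    # The endpoint is the only party that stores the ticket and session key.
    def __init__(self, cname, ticket, session_key):
        self.cname, self.ticket, self.session_key = cname, ticket, session_key

    def ap_request(self, now):
        auth = {"cname": self.cname, "timestamp": now}
        return {"ticket": self.ticket, "authenticator": seal(self.session_key, auth)}

    def ap_reply(self, ap_rep, sent_at):
        rep = unseal(self.session_key, ap_rep)
        if rep["timestamp"] != sent_at:
            raise ValueError("AP reply does not answer our request")
        return derive_ipsec_keys(bytes.fromhex(rep["subkey"]))

class SignalingController:
    # Holds one long-term secret (its service key) and no per-client state.
    def __init__(self, service_key):
        self.service_key = service_key

    def ap_exchange(self, ap_req, now):
        ticket = unseal(self.service_key, ap_req["ticket"])
        if not ticket["issued"] <= now < ticket["issued"] + ticket["lifetime"]:
            raise ValueError("ticket expired")
        session_key = bytes.fromhex(ticket["session_key"])
        auth = unseal(session_key, ap_req["authenticator"])
        if auth["cname"] != ticket["cname"]:
            raise ValueError("authenticator does not match ticket")
        if abs(now - auth["timestamp"]) > CLOCK_SKEW:
            raise ValueError("stale timestamp: replay of an old AP request")
        subkey = os.urandom(32)
        ap_rep = seal(session_key, {"timestamp": auth["timestamp"], "subkey": subkey.hex()})
        # Ticket, session key and sub-key go out of scope here: nothing is retained.
        return ap_rep, derive_ipsec_keys(subkey)

def run_exchange(now=1_000_000):
    # Whole flow on a constructed clock; also probes whether a replayed AP request is refused.
    sc_key = os.urandom(32)
    kdc, sc = KDC(sc_key), SignalingController(sc_key)
    ticket, session_key = kdc.issue_ticket("cta102", now)
    cta = CTA("cta102", ticket, session_key)
    ap_req = cta.ap_request(now)
    ap_rep, sc_keys = sc.ap_exchange(ap_req, now)
    cta_keys = cta.ap_reply(ap_rep, now)
    try:                                   # the same AP request presented an hour later
        sc.ap_exchange(ap_req, now + 3600)
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return cta_keys, sc_keys, replay_rejected
```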

Claims (4)

1. A method of establishing a secure channel between an IP telephony endpoint and a server in an IP telephony network, wherein the endpoint is coupled to a subscriber and the server is coupled to the IP telephony network, the method comprising the following steps:
sending a request for a security ticket from the endpoint to a key distribution center;
receiving the security ticket at the endpoint from the key distribution center;
using the security ticket to send a request for a sub-key from the endpoint to the server;
receiving the sub-key at the endpoint from the server; and
establishing a secure channel between the endpoint and the server using the sub-key.
2. The method of claim 1, wherein the endpoint is a cable telephony adapter.
3. The method of claim 1, wherein the server is a signaling controller.
4. The method of claim 1, wherein the secure channel is an IPSec channel.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US12877299P 1999-04-09 1999-04-09
US60/128,772 1999-04-09

Publications (2)

Publication Number Publication Date
CN1346563A CN1346563A (zh) 2002-04-24
CN1127835C true CN1127835C (zh) 2003-11-12

Family

ID=22436900

Family Applications (1)

Application Number Title Priority Date Filing Date
CN00806089A Expired - Lifetime CN1127835C (zh) 1999-04-09 2000-04-07 Key management between a cable telephony adapter and an associated signaling controller

Country Status (9)

Country Link
US (2) US7568223B2 (zh)
EP (2) EP1169833B1 (zh)
CN (1) CN1127835C (zh)
AT (1) ATE313200T1 (zh)
AU (2) AU4213600A (zh)
CA (2) CA2370471A1 (zh)
DE (1) DE60024800T2 (zh)
HK (1) HK1045917B (zh)
WO (2) WO2000062507A1 (zh)


Also Published As

Publication number Publication date
EP1169833B1 (en) 2005-12-14
AU4213600A (en) 2000-11-14
DE60024800D1 (de) 2006-01-19
CA2365856A1 (en) 2000-10-19
DE60024800T2 (de) 2006-07-06
ATE313200T1 (de) 2005-12-15
HK1045917B (zh) 2004-09-10
EP1171989A2 (en) 2002-01-16
WO2000062507A1 (en) 2000-10-19
WO2000062519A3 (en) 2001-02-08
US20090323954A1 (en) 2009-12-31
CA2370471A1 (en) 2000-10-19
US20050027985A1 (en) 2005-02-03
CN1346563A (zh) 2002-04-24
US8544077B2 (en) 2013-09-24
WO2000062519A9 (en) 2002-02-21
WO2000062519A2 (en) 2000-10-19
HK1045917A1 (en) 2002-12-13
CA2365856C (en) 2011-11-01
EP1169833A1 (en) 2002-01-09
US7568223B2 (en) 2009-07-28
AU4079200A (en) 2000-11-14


Legal Events

C10 / SE01: Entry into substantive examination (entry into force of request for substantive examination)
C06 / PB01: Publication
C14 / GR01: Grant of patent or utility model
ASS: Succession or assignment of patent right, effective 20130918: General Instrument Corp. to General Material Holding Co., Ltd.; General Material Holding Co., Ltd. to Motorola Mobility LLC
C41 / TR01: Transfer of patent right, registered 20130918: General Instrument Corp. (Pennsylvania, USA) to General Equipment Holdings Ltd. (California, USA); General Equipment Holdings Ltd. (California, USA) to Motorola Mobility LLC (Illinois)
CX01: Expiry of patent term (granted publication date: 20031112)