Systems and methods for conducting secure VOIP multi-party calls
First Claim
1. A method comprising:
- communicating, via a communication interface of a conference-call server, during a conference-call session, a plurality of data packets over a data network with a plurality of remote endpoints of the conference-call session, each data packet comprising a packet head and an encrypted packet payload comprising encrypted audio;
receiving, via the communication interface during the conference-call session, at a cryptographic interface of the conference-call server coupled to the communication interface, the respective data packets sent from the respective remote endpoints, the cryptographic interface relaying the respective data packets to respective server-side hardware elements of a plurality of server-side secure hardware elements, the cryptographic interface comprising a plurality of individual physical-connection ports, each of the individual physical-connection ports configured to connect to the respective server-side secure hardware elements;
each of the server-side secure hardware elements of the conference-call server establishing a respective cryptographic relationship with a different respective remote endpoint of the conference-call session at least in part by negotiating respective cryptographic key information with its respective remote endpoint, each such cryptographic relationship having its own security parameters that (i) include the cryptographic key information and (ii) are inaccessible to the communication interface;
each server-side secure hardware element decrypting the encrypted packet payload of the respective relayed data packet using its respective security parameters;
an audio mixer receiving the respective decrypted audio of the respective decrypted packet payload from the respective server-side secure hardware elements, mixing the respective decrypted audio, and providing unencrypted mixed audio back to each of the plurality of server-side secure elements;
each server-side secure hardware element encrypting the unencrypted mixed audio using its respective security parameters; and
parameters andthe cryptographic interface outputting the respective encrypted mixed audio to the communication interface for transmission via the communication interface to the respective remote endpoint.
1 Assignment
0 Petitions
Accused Products
Abstract
System and method for establish secure conference calls. In one example system, a central conference call server establishes point-to-point connections with accessory devices comprising a secure element and connected to corresponding participant devices. The conference call server includes an interface to a plurality of secure elements configured to perform scrambling and unscrambling of media signals communicated to and from the accessory devices. In another example, one of the participant devices operates as the central conference call server. In other examples, participant devices communicate on a conference call via point-to-point connections between all accessory devices connected to the participant devices. The accessory devices include secure elements for decryption and encryption of media signals communicated between the accessory devices.
109 Citations
19 Claims
-
1. A method comprising:
-
communicating, via a communication interface of a conference-call server, during a conference-call session, a plurality of data packets over a data network with a plurality of remote endpoints of the conference-call session, each data packet comprising a packet head and an encrypted packet payload comprising encrypted audio; receiving, via the communication interface during the conference-call session, at a cryptographic interface of the conference-call server coupled to the communication interface, the respective data packets sent from the respective remote endpoints, the cryptographic interface relaying the respective data packets to respective server-side hardware elements of a plurality of server-side secure hardware elements, the cryptographic interface comprising a plurality of individual physical-connection ports, each of the individual physical-connection ports configured to connect to the respective server-side secure hardware elements; each of the server-side secure hardware elements of the conference-call server establishing a respective cryptographic relationship with a different respective remote endpoint of the conference-call session at least in part by negotiating respective cryptographic key information with its respective remote endpoint, each such cryptographic relationship having its own security parameters that (i) include the cryptographic key information and (ii) are inaccessible to the communication interface; each server-side secure hardware element decrypting the encrypted packet payload of the respective relayed data packet using its respective security parameters; an audio mixer receiving the respective decrypted audio of the respective decrypted packet payload from the respective server-side secure hardware elements, mixing the respective decrypted audio, and providing unencrypted mixed audio back to each of the plurality of server-side secure elements; each server-side secure hardware element encrypting the unencrypted mixed audio using its respective security parameters; and
parameters andthe cryptographic interface outputting the respective encrypted mixed audio to the communication interface for transmission via the communication interface to the respective remote endpoint. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A conference-call server comprising:
-
a communication interface configured to communicate, during a conference-call session, a plurality of data packets over a data network with a plurality of remote endpoints of the conference-call session, each data packet comprising a packet header and an encrypted packet payload comprising encrypted audio; a cryptographic interface coupled to the communication interface, the cryptographic interface comprising a plurality of individual physical-connection ports, each of the individual physical-connection ports configured to connect to a respective server-side secure hardware element of a plurality of server-side secure hardware elements, the cryptographic interface configured to receive, via the communication interface during the conference-call session, the respective data packets sent from the respective remote endpoints and to relay the respective data packets to the respective server-side secure hardware elements; each server-side secure hardware element configured to; establish a respective cryptographic relationship with a different respective remote endpoint of the plurality of remote endpoints of the conference-call session at least in part by negotiating respective cryptographic key information with its respective remote endpoint, each such cryptographic relationship having its own security parameters that (i) include the cryptographic key information and (ii) are inaccessible to the communication interface; and decrypt the encrypted packet payload of the respective relayed data packet using its respective security parameters; an audio mixer configured to receive the respective decrypted audio of the respective decrypted packet payload from the respective server-side secure hardware elements, to mix the respective decrypted audio, and to provide unencrypted mixed audio back to each of the plurality of server-side secure hardware elements, wherein each server-side secure hardware element is further configured to encrypt the unencrypted mixed audio using its respective security parameters, wherein the cryptographic interface is further configured to output the respective encrypted mixed audio from the respective server-side secure hardware elements to the communication interface for transmission via the communication interface to the respective remote endpoint. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
-
Specification