Methods and systems for communication-session arrangement on behalf of cryptographic endpoints

US 10,356,059 B2
Filed: 06/04/2015
Issued: 07/16/2019
Est. Priority Date: 06/04/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a communication device from an accessory, a request to establish an audio-based encrypted media session between the accessory and a remote device wherein,(i) the accessory to the communication device is a first cryptographic endpoint of the requested audio-based encrypted media session, and(ii) the remote device is a second cryptographic endpoint of the requested audio-based encrypted media session,wherein the communication device is communicatively connected to a remote device as a second cryptographic endpoint of the requested audio-based encrypted audio-based media session, wherein the communication device is communicatively connected to,(i) the accessory via a Personal Area Network (PAN) communication link, and(ii) the remote device via a communication link separate from the PAN communication link;

in response to receiving the request, the communication device exchanging control data with the remote device on behalf of the accessory to establish the requested encrypted media session between the accessory and the remote device;

during the established encrypted audio based media session, the communication device relaying,(i) inbound encrypted-media-session payload data from the remote device to the accessory, the inbound encrypted-media-session payload data being encrypted such that decryption of the inbound encrypted-media-session payload data requires a first payload-data cryptographic key that is accessible to the accessory and that is not accessible to the communication device, and(ii) outbound encrypted-media-session payload data from the accessory to the remote device, the outbound encrypted-media-session payload data being encrypted such that decryption of the outbound encrypted-media-session payload data requires a second payload-data cryptographic key that is accessible to the remote device and that is not accessible to the communication device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an embodiment, a communication device receives a request to establish a media session with a remote endpoint. In response to receiving the request, the communication device exchanges media-session control data with the remote endpoint on behalf of a local endpoint to establish the requested media session between the local endpoint and the remote endpoint. The communication device is communicatively connected to the local endpoint via a Personal Area Network (PAN) communication link. The communication device relays media-session payload data between the local and remote endpoints. The media-session payload data (i) is associated with the media session and (ii) is encrypted based on at least one payload-data cryptographic key that is not accessible to the communication device.

98 Citations

27 Claims

1. A method comprising:
- receiving, at a communication device from an accessory, a request to establish an audio-based encrypted media session between the accessory and a remote device wherein,(i) the accessory to the communication device is a first cryptographic endpoint of the requested audio-based encrypted media session, and(ii) the remote device is a second cryptographic endpoint of the requested audio-based encrypted media session,wherein the communication device is communicatively connected to a remote device as a second cryptographic endpoint of the requested audio-based encrypted audio-based media session, wherein the communication device is communicatively connected to,(i) the accessory via a Personal Area Network (PAN) communication link, and(ii) the remote device via a communication link separate from the PAN communication link;
  
  in response to receiving the request, the communication device exchanging control data with the remote device on behalf of the accessory to establish the requested encrypted media session between the accessory and the remote device;
  
  during the established encrypted audio based media session, the communication device relaying,(i) inbound encrypted-media-session payload data from the remote device to the accessory, the inbound encrypted-media-session payload data being encrypted such that decryption of the inbound encrypted-media-session payload data requires a first payload-data cryptographic key that is accessible to the accessory and that is not accessible to the communication device, and(ii) outbound encrypted-media-session payload data from the accessory to the remote device, the outbound encrypted-media-session payload data being encrypted such that decryption of the outbound encrypted-media-session payload data requires a second payload-data cryptographic key that is accessible to the remote device and that is not accessible to the communication device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 2. The method of claim 1, wherein exchanging control data comprises receiving control data from the remote device.
  - 3. The method of claim 1, wherein the control data comprises metadata associated with the requested audio-based encrypted media session.
  - 4. The method of claim 1, wherein the control data comprises a public cryptographic key that is associated with the first payload-data cryptographic key.
  - 5. The method of claim 1, wherein the control data comprises a public cryptographic key that is associated with the second payload-data cryptographic key.
  - 6. The method of claim 1, wherein the control data comprises key-exchange data.
  - 7. , The method of claim 6, wherein the key-exchange data comprises components of a Diffie-Hellman key exchange, based on which the first payload-data cryptographic key and the second payload-data are established as a shared cryptographic key between the accessory and the remote device.
  - 8. The method of claim 1, wherein the control data comprises a digital signature.
  - 9. The method of claim 8, wherein the digital signature comprises a digital signature generated by the remote device based on a private cryptographic key that is associated with the remote device.
  - 10. The method of claim 8, wherein the digital signature comprises a digital signature generated by a trusted third party.
  - 11. The method of claim 8, wherein the control data further comprises a public cryptographic key, wherein the digital signature is based on the public cryptographic key.
  - 12. The method of claim 11, wherein the digital signature comprises a digital signature generated by a trusted third party based on the public cryptographic key.
  - 13. The method of claim 1, wherein the control data comprises Session Initial Protocol (SIP) data.
  - 14. The method of claim 1, wherein the control data comprises ZRTP data.
  - 15. The method of claim 1, wherein the control data comprises Secure Real-time Transport Protocol (SRTP) data.
  - 16. The method of claim 1, wherein the control data comprises Session Description Protocol (SDP) data.
  - 17. The method of claim 1, wherein relaying the inbound encrypted-media-session audio payload data comprises relaying media-session audio payload data that includes both the inbound encrypted-media-session audio payload data and a digital signature that is based on the inbound encrypted-media-session audio, payload data.
  - 18. The method of claim 17, wherein the digital signature comprises a digital signature generated by the remote device based on the inbound encrypted-media-session audio payload data.
  - 19. The method of claim 1, wherein the PAN communication link comprises a Bluetooth communication link.
  - 20. The method of claim 1, wherein the accessory is a headset.
  - 21. The method of claim 1, wherein the first payload-data cryptographic key and the second payload-data cryptographic key are symmetric keys.
  - 22. The method of claim 1, wherein the first payload-data cryptographic key is part of a first asymmetric key pair and the second payload-data cryptographic key is part of a second asymmetric key pair.
  - 23. The method as claimed in claim 1, wherein the audio-based encrypted media session comprises an encrypted video conference session.
  - 24. The method as claimed in claim 1, wherein the communication device comprises a phone.
  - 25. The method as claimed in claim 1, wherein the communication device comprises a handheld computer.
  - 26. The method of claim 24, wherein the PAN communication link comprises a Bluetooth communication link.

27. A communication device comprising:
- a Personal Area Network (PAN) communication link;
  
  a communication interface link separate from the PAN communication link;
  
  a processor; and
  
  data storage containing instructions executable by the processor for causing the communication device to carry out a set of functions, the set of functions comprising;
  
  receiving, via the communication link, a request to establish an audio-based encrypted media session between(i) an accessory to the communication device as a first cryptographic endpoint of the encrypted audio-based media session and(ii) a remote device as a second cryptographic endpoint of the encrypted audio-based media sessionin response to the communication device receiving the request, exchanging, via the communication link, control data with the remote device on behalf of the accessory to establish the requested encrypted audio-based media session between the accessory'"'"' and the remote device; and
  
  during the established encrypted audio-based media session, relaying(i) inbound encrypted-media-session audio payload data from the remote device to the accessory'"'"', the inbound encrypted-media-session audio payload data being encrypted such that decryption of the inbound encrypted-media-session audio payload data requires a first payload-data cryptographic key that is accessible to the accessory and is not accessible to the communication device and(ii) outbound encrypted-media-session audio payload data from the accessory to the remote device, the outbound encrypted-media-session audio payload data being encrypted such that decryption of the outbound encrypted-media-session audio payload data requires a second payload-data cryptographic key that is accessible to the remote device and is not accessible to the communication device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nagravision SA (Kudelski SA)
Original Assignee
Nagravision SA (Kudelski SA)
Inventors
Perrine, Jerome, Benoit, Bernard, Van Riek, Maurice, Karl, Osen
Primary Examiner(s)
Korsak, Oleg
Assistant Examiner(s)
Mejia, Feliciano S

Application Number

US14/730,807
Publication Number

US 20160359814A1
Time in Patent Office

1,503 Days
Field of Search

713171
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/045   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 65/1069   Session establishment or de...

H04L 65/1104   Session initiation protocol...

H04L 65/65   Network streaming protocols...

H04M 1/006   Call diverting means

H04M 1/2535   adapted for voice communica...

H04M 1/6066   including a wireless connec...

H04W 12/037   of the control plane, e.g. ...

H04W 4/80   Services using short range ...

Methods and systems for communication-session arrangement on behalf of cryptographic endpoints

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

98 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for communication-session arrangement on behalf of cryptographic endpoints

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

98 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links