Securing Voice over IP traffic
Abstract
A method of sending streamed data over an IP network from a first node 1 to a second node 4, the method comprising using Internet Key Exchange (IKE) to establish an IKE security association (SA) between the first and second nodes 1, 4. A shared secret is established between the first and second nodes using the IKE SA, and the streamed data is encrypted at the first node 1 with a cipher using the shared secret or a key derived using the shared secret. IP datagrams are constructed containing in their payload segments of the encrypted streamed data, the datagrams not including an IPSec header or headers. The IP datagrams are then sent from the first node 1 to the second node 4.
7 Claims
1. A method of sending streamed data over an IP network from a first node to a second node, the method comprising:
- using Internet Key Exchange (IKE) to establish an IKE security association (SA) between the first and second nodes;
- using the IKE SA to establish an IPSec SA between the first and second nodes;
- encrypting the streamed data at the first node with a cipher using a shared secret forming part of said IPSec SA;
- constructing IP datagrams containing in their payload segments of the encrypted streamed data, the datagrams not including an IPSec header or headers; and
- sending the IP datagrams from the first node to the second node.
Dependent claims: 2, 3, 4.
5. Apparatus for sending streamed data over an IP network to a peer node, the apparatus comprising:
- processing means and memory containing software instructions for implementing IPSec protocols;
- an application for delivering streamed data;
- means for employing components of said processing means and memory containing software instructions for using Internet Key Exchange (IKE) to establish an IKE security association (SA) between the first and second nodes;
- means for using the IKE SA to establish an IPSec SA between the first and second nodes, the IKE SA comprising a shared secret;
- means for encrypting the streamed data with a cipher using the shared secret;
- means for constructing IP datagrams containing in their payload segments of the encrypted streamed data, the datagrams not including an IPSec header or headers; and
- transmission means for sending the IP datagrams from the first node to the second node.
Dependent claims: 6, 7.
Specification