Providing encrypted real time data transmissions on a network
Abstract
A method and system for providing secure network communications that are provided in a communications protocol designed to support real time (or nearly so) communications on networks such as the Internet. Encryption/decryption parameters and techniques are determined by the network endpoints whose communications are to be encrypted. Such determinations are made in a control protocol that controls network communications in the communications protocol. The communications protocol may be the Real Time Protocol (RTP), and the control protocol may be the Real Time Control Protocol (RTCP).
28 Claims
1. A method for providing secure communications on a network having unsecure communications thereon, comprising:
- generating a first message, at a first network endpoint, according to a predetermined control protocol for controlling real time or nearly so communications on the network, wherein said first message includes a request for encrypted real time or nearly so communications in a predetermined real time protocol for real time or nearly so communications between the first network endpoint and a second network endpoint;
- sending said first message to the second network endpoint, via the network, in the control protocol;
- at the second network endpoint, parsing said first message according to said control protocol;
- determining whether said request for encrypted real time or nearly so communications between said first and second network endpoints can be satisfied at the second network endpoint;
- when said request can be satisfied at the second network endpoint, the following steps (a)-(c) are performed:
  (a) receiving, at the first network endpoint from the second network endpoint, a second message in said control protocol, wherein said second message provides encryption related data for operatively configuring a first cypher accessed by the first network endpoint for encrypting data input to the first network endpoint, and wherein there is a second cypher at the second network endpoint operatively configured to decrypt encrypted information communicated on the network in the real time protocol from the first cypher, wherein the encrypted information corresponds in content to the data input to the first cypher, and wherein said second cypher is operatively configured using encryption related data received from the first network endpoint;
  (b) until a predetermined condition occurs, performing the following steps (b1) and (b2):
    (b1) encrypting, with said first cypher, information that is input to the first network endpoint;
    (b2) transmitting on the network, from the first network endpoint, an encrypted version of said information output by said first cypher, wherein said encrypted version is transmitted in the real time protocol, and wherein said encrypted version is decrypted by said second cypher when said encrypted version is received by said second endpoint;
  (c) upon said predetermined condition occurring, generating a third message, at one of the first and second network endpoints, according to the control protocol, wherein said third message includes encryption related data for reconfiguring at least one of said first and second cyphers for decrypting the real time data provided by the first network endpoint differently.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. An apparatus for providing encrypted communications on a network, comprising:
- an interface to a communications network for at least one of transmitting and receiving RTP and RTCP data packets via the network;
- one or more cyphers for at least one of: encrypting information to be transmitted via said interface and the network, and decrypting information received via said interface and the network;
- an encryption parameter generator for generating encryption parameter data to be used by: (a) a first of said one or more cyphers, and (b) an additional cypher, wherein at least a portion of said encryption parameter data is communicated to said additional cypher via said interface and the network;
- a parser for parsing RTCP and RTP data packets communicated on the network so that second encryption parameter data is obtained from one or more of said RTCP data packets;
- wherein after being parsed, said second encryption parameter data is input to said encryption parameter generator for generating encryption key data, wherein at least one value of said encryption key data is transmitted, via said interface and the network, to said additional cypher for use in one of encrypting, and at least one value is used to configure said first cypher for one of encrypting and decrypting said RTP data packets;
- wherein, for obtaining said second encryption parameter data, said RTCP data packets include at least some of:
  (i) an identification of a version of RTP that is available at a network site that transmits said RTCP data packets,
  (ii) an identifier for designating whether a request for initiation of encrypted communications is being provided,
  (iii) an identifier for designating a particular technique for at least one of encrypting and decrypting real time data provided in said RTP data packets,
  (iv) an identifier for designating that a communication in RTP is encrypted, and
  (v) said second encryption parameter data.
Dependent claims: 13, 14, 15, 16
17. A method for providing secure communications on a network having unsecure communications thereon, comprising:
- receiving, from a first network endpoint, a first message at a second network endpoint, said first message represented in a predetermined communications control protocol for controlling real time or nearly so communications on the network that are represented in a predetermined real time protocol for real time or nearly so communications, wherein said first message includes a request for encrypting real time or nearly so communications in said real time protocol between the first network endpoint and the second network endpoint;
- parsing said first message according to said control protocol;
- transmitting, to the first network endpoint, a second message in said control protocol, wherein said second message provides encryption parameter data for operatively configuring a first cypher accessed by the first network endpoint for encrypting data input to the first network endpoint;
- operatively configuring a second cypher accessed by the second network endpoint for one or more of (a1) and (a2):
  (a1) decrypting encrypted information communicated on the network in the real time protocol from the first network endpoint, wherein the encrypted information corresponds in content to data input to the first network endpoint, and wherein said second cypher is operatively configured using encryption related data received from the first network endpoint;
  (a2) encrypting second information input to said second network endpoint for transmitting an encrypted version of the second information to said first network endpoint in the real time protocol;
- wherein at least one of:
  (i) from an input of the information to the first network endpoint to an output of the information from the second network endpoint, the information is real time or nearly so, and
  (ii) from an input of the second information to the second network endpoint to an output of the second information from the first network endpoint, the second information is real time or nearly so.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28
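As an added illustration that is not part of the patent, the Python sketch below models the exchange of claims 1 and 12: a control-protocol request and answer that each carry one endpoint's encryption related data (together with the RTP version, request flag and technique identifier of claim 12), RTP-style packets encrypted under the negotiated key and flagged as encrypted, and a third control message that reconfigures both cyphers once a packet-count condition is reached. The dict-shaped messages, the pre-shared secret and the HMAC-SHA256 keystream are stand-ins chosen here, since the claims do not fix a key source or cipher; none of this is real RTCP or SRTP.

```python
import hashlib, hmac, os

PSK = b"constructed pre-shared secret"  # assumption: the claims do not fix where keys come from
RTP_VERSION, TECHNIQUE = 2, "hmac-sha256-keystream"  # claim 12 items (i) and (iii), toy values

def derive_key(params, epoch):
    """Session key from both endpoints' encryption related data plus a rekey epoch."""
    return hmac.new(PSK, b"".join(sorted(params)) + epoch.to_bytes(4, "big"), hashlib.sha256).digest()

def keystream_xor(key, seq, data):
    """Stand-in for the claimed cypher: XOR with an HMAC-SHA256 keystream bound to the RTP seq."""
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        ks = hmac.new(key, seq.to_bytes(4, "big") + bytes([block]), hashlib.sha256).digest()
        out += bytes(x ^ k for x, k in zip(data[block * 32:(block + 1) * 32], ks))
    return bytes(out)

class Endpoint:
    def __init__(self, can_encrypt=True):
        self.can_encrypt, self.epoch, self.key = can_encrypt, 0, None
        self.params = [os.urandom(16)]  # this endpoint's own encryption related data
    def configure(self, peer_param=None, epoch=None):  # (re)configure the local cypher
        if peer_param: self.params.append(peer_param)
        if epoch is not None: self.epoch = epoch
        self.key = derive_key(self.params, self.epoch)
    def request(self):  # first message, in the control protocol
        return {"rtp_version": RTP_VERSION, "request_encryption": True,
                "technique": TECHNIQUE, "param": self.params[0]}
    def answer(self, req):  # second message; None when the request cannot be satisfied here
        if not (self.can_encrypt and req["request_encryption"] and req["technique"] == TECHNIQUE):
            return None
        self.configure(peer_param=req["param"])
        return {"rtp_version": RTP_VERSION, "technique": TECHNIQUE, "param": self.params[0]}
    def send(self, seq, payload):  # steps (b1), (b2): encrypt, flag as encrypted, emit in RTP
        return {"seq": seq, "encrypted": True, "payload": keystream_xor(self.key, seq, payload)}
    def receive(self, pkt):
        return keystream_xor(self.key, pkt["seq"], pkt["payload"]) if pkt["encrypted"] else pkt["payload"]

def run_session(frames, rekey_after=3, responder_can_encrypt=True):
    """Negotiate, stream every frame A -> B, and rekey every `rekey_after` packets."""
    a, b = Endpoint(), Endpoint(responder_can_encrypt)
    ans = b.answer(a.request())
    if ans is None:
        return None  # request refused: no encrypted RTP session is set up
    a.configure(peer_param=ans["param"])
    received, rekeys = [], 0
    for seq, frame in enumerate(frames):
        if seq and seq % rekey_after == 0:  # predetermined condition of step (c): third message
            msg, rekeys = {"rekey": True, "epoch": a.epoch + 1}, rekeys + 1
            a.configure(epoch=msg["epoch"]); b.configure(epoch=msg["epoch"])
        received.append(b.receive(a.send(seq, frame)))
    return received, rekeys, a.epoch
```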
Specification