Methods and apparatus for increasing security and control of voice communication sessions using digital certificates

US 20070150723A1
Filed: 12/23/2005
Published: 06/28/2007
Est. Priority Date: 12/23/2005
Status: Abandoned Application

First Claim

Patent Images

1. A private network certificate control mechanism for use in facilitating secure Push-To-Talk (PTT) over Cellular (PoC) communications for mobile communication devices associated with a private communication network, the interface having:

a certificate controller;

the certificate controller being adapted to communicate with a Certificate Authority (CA) component so as to produce and store a plurality of digital certificates for a plurality of mobile communication devices associated with a private communication network; and

the certificate controller being further adapted to communicate with one of a PoC server and a PoC group list server over a public communication network so as to provide the plurality of digital certificates for secure PoC communication sessions for chat groups which include the plurality of mobile communication devices.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for increasing security and control of voice communication sessions, such as Push-To-Talk (PTT) over Cellular (PoC) sessions, using digital certificates are disclosed. A certificate control mechanism of a private communication network is used to help facilitate secure PoC sessions for mobile communication devices associated with the private network. The certificate control mechanism of includes a certificate controller which is adapted to communicate with a Certificate Authority (CA) component which produces and stores a plurality of digital certificates for the mobile devices. The certificate controller is further adapted to communicate with one of a PoC server and a PoC group list server through a public communication network (e.g. the Internet) so as to provide the plurality of digital certificates for secure PoC communication sessions for chat groups which include the plurality of mobile communication devices. In one illustrative technique, a request message for participation in a PoC session is received by an authentication component of a PoC server from a mobile device. The request message is signed with use of a private key of a digital certificate which may be associated with the mobile device, an end user of the mobile device, or a chat group which includes the mobile device. An authentication procedure is performed on the request message by the authentication component. The authentication procedure includes retrieving a public key associated with the digital certificate and attempting to validate the signature with use of the public key. Processing for the PoC communication session is permitted for the mobile communication device if the authentication is successful, and otherwise denied. Several other techniques and variations are described.

80 Citations

View as Search Results

31 Claims

1. A private network certificate control mechanism for use in facilitating secure Push-To-Talk (PTT) over Cellular (PoC) communications for mobile communication devices associated with a private communication network, the interface having:
- a certificate controller;
  
  the certificate controller being adapted to communicate with a Certificate Authority (CA) component so as to produce and store a plurality of digital certificates for a plurality of mobile communication devices associated with a private communication network; and
  
  the certificate controller being further adapted to communicate with one of a PoC server and a PoC group list server over a public communication network so as to provide the plurality of digital certificates for secure PoC communication sessions for chat groups which include the plurality of mobile communication devices.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The certificate control mechanism of claim 1, further comprising:
    - an interface which is adapted to communicate with the certificate controller and with the one of the PoC server and the PoC group list server.
  - 3. The certificate control mechanism of claim 1, wherein the certificate controller is further adapted to, for each one of a plurality of mobile communication devices:
    - request and receive, from the CA, a digital certificate for the mobile communication device; and
      
      provide the digital certificate to the one of the PoC server and the PoC group list server so that the PoC server is able to authenticate request messages for participating in PoC communication sessions from the mobile communication device.
  - 4. The certificate control mechanism of claim 1, wherein the certificate controller is further adapted to:
    - request and receive, from the CA, a digital certificate for a chat group of mobile communication devices; and
      
      provide the digital certificate to the one of the PoC server and the PoC group list server so that the PoC server is able to authenticate request messages for participation in PoC communication sessions from the mobile communication devices of the chat group.
  - 5. The certificate control mechanism of claim 1, wherein the one of the PoC server and the PoC group list server are part of a first wireless communication network and the certificate controller is further adapted to communicate with another one of a PoC server and a PoC group list server of a second wireless communication network.
  - 6. The certificate control mechanism of claim 1, wherein the public communication network comprises the Internet and the private communication network includes a firewall between the private communication network and the Internet.

7. A method for use by an authentication component of a voice session server for establishing a voice communication session for a plurality of mobile communication devices, the method comprising the acts of:
- receiving, from a mobile communication device, a request message for the voice communication session which is signed with a private key associated with a digital certificate;
  
  causing an authentication to be performed on the request message, which includes;
  
  retrieving a public key associated with the digital certificate;
  
  attempting to verify the signature in the request message using the public key; and
  
  permitting processing for the voice communication session for the mobile communication device if the authentication is successful.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The method of claim 7, wherein the voice communication session comprises a Push-To-Talk (PTT) over Cellular (PoC) communication session and the voice session server comprises a PoC server.
  - 9. The method of claim 7, wherein the digital certificate is associated with one of the mobile communication device, an end user of the mobile communication device, and a chat group which includes the mobile communication device.
  - 10. The method of claim 7, wherein the digital certificate comprises a first digital certificate, the private key comprises a first private key, and the public key comprises a first public key, and wherein at least a portion of the request message is encrypted with a second public key of a second digital certificate associated with one of the authentication component of the voice session server and a private network of the mobile communication device, the method further comprising the act of:
    - decrypting the at least portion of the request message with a second private key of the second digital certificate.
  - 11. The method of claim 7, wherein the digital certificate comprises a first digital certificate, the private key comprises a first private key, and the public key comprises a first public key, the method further comprising:
    - causing an invitation message for the voice communication session to be sent to at least one other mobile communication device which is signed with a second private key of a second digital certificate associated with one of the authentication component of the voice session server and a private network associated with the at least one other mobile communication device.
  - 12. The method of claim 7, wherein the digital certificate comprises a first digital certificate, the private key comprises a first private key, and the public key comprises a first public key, the method further comprising:
    - causing an invitation message for the voice communication session to be sent to at least one other mobile communication device which is encrypted using a second public key of a second digital certificate associated with one of the at least one other mobile communication device and a chat group associated with the at least one other mobile communication device.
  - 13. The method of claim 7, wherein the digital certificate comprises a first digital certificate, the private key comprises a first private key, and the public key comprises a first public key, the method further comprising:
    - causing an invitation message for the voice communication session to be sent to at least one other mobile communication device; and
      
      receiving, from the at least one mobile communication device, an acceptance message for the voice communication session which is signed with a second private key associated with a second digital certificate;
      
      causing an authentication to be performed on the acceptance message, which includes;
      
      retrieving a second public key associated with the second digital certificate;
      
      attempting to verify the signature of the acceptance message with use of the second public key; and
      
      permitting processing for the voice communication session for the at least one other mobile communication device if the authentication is successful.
  - 14. The method of claim 7, which is embodied as a computer program product comprising a computer readable medium and computer instructions stored in the computer readable medium which are executable by one or more processors for performing the method.

15. An authentication component of a voice session server for establishing a voice communication session for a plurality of mobile communication devices, the authentication component being adapted to receive, from a mobile communication device, a request message for the voice communication session which is signed using a private key associated with a digital certificate;
- cause an authentication to be performed on the request message which includes retrieving a public key associated with the signed digital certificate and attempting to verify the signature in the request message with use of the public key; and
  
  permit processing for the voice communication session for the mobile communication device if the authentication is successful.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The authentication component of claim 15, wherein the voice communication session comprises a Push-To-Talk (PTT) over Cellular (PoC) communication session and the voice session server comprises a PoC server.
  - 17. The authentication component of claim 15, wherein the digital certificate comprises a first digital certificate, the private key comprises a first private key, and the public key comprises a first public key, and the at least a portion of the request message is encrypted with a second public key of a second digital certificate associated with one of the authentication component of the voice session server and a private network of the mobile communication device, and the authentication component is further adapted to decrypt the at least portion of the request message with a second private key associated with the second digital certificate.
  - 18. The authentication component of claim 15, wherein the digital certificate comprises a first digital certificate, and the authentication component is further adapted to cause an invitation message for the voice communication session to be sent to at least one other mobile communication device with a second digital certificate associated with one of the authentication component of the voice session server and a private network associated with the at least one other mobile communication device.
  - 19. The authentication component of claim 15, wherein the digital certificate comprises a first digital certificate, and the authentication component is further adapted to cause an invitation message for the voice communication session to be sent to at least one other mobile communication device which is encrypted using a public key of a second digital certificate.
  - 20. The authentication component of claim 15, wherein the digital certificate comprises a first digital certificate, the private key comprises a first private key, and the public key comprises a first public key, and the authentication component is further adapted to cause an invitation message for the voice communication session to be sent to at least one other mobile communication device;
    - receive, from the at least one mobile communication device, an acceptance message for the voice communication session which is signed using a second private key of a second digital certificate;
      
      cause an authentication to be performed on the acceptance message which includes retrieving a second public key associated with the second digital certificate and attempting to verify the signature with use of the second public key; and
      
      permit processing for the voice communication session for the at least one other mobile communication device if the authentication is successful.

21. A method for use by a mobile communication device in establishing a voice communication session with one or more other mobile communication devices in a communication system, the method comprising the acts of:
- signing a request message for the voice communication session with a private key associated with a digital certificate;
  
  causing the request message for the voice communication session to be sent through a wireless communication network for authentication within the communication system; and
  
  engaging in the voice communication session with the one or more mobile communication devices based on the authentication.
- View Dependent Claims (22, 23, 24, 25, 26)
- - 22. The method of claim 21, wherein the digital certificate comprises a first digital certificate, the private key comprises a first private key, and the public key comprises a first public key, the method further comprising:
    - encrypting at least a portion of the request message with a second public key of a second digital certificate associated with a voice session server in the communication system which is adapted to facilitate the voice communication session.
  - 23. The method of claim 21, wherein the digital certificate comprises a first digital certificate, the private key comprises a first private key, and the public key comprises a first public key and the method further comprises:
    - encrypting at least a portion of the request message with a second public key of a second digital certificate associated with a private network associated with the mobile communication device.
  - 24. The method of claim 21, wherein the request message further comprises one or more identifiers of the one or more mobile communication devices associated with a chat group for the voice communication session.
  - 25. The method of claim 21, wherein the request message further comprises a chat group identifier associated with a chat group for the voice communication session.
  - 26. The method of claim 21, wherein the voice communication session comprises a Push-To-Talk (PTT) over Cellular (PoC) communication session.

27. A mobile communication device, comprising:
- a wireless transceiver;
  
  one or more processors coupled to the wireless transceiver;
  
  the one or more processors being adapted to;
  
  sign a request message for the voice communication session with a private key associated with a digital certificate;
  
  cause the request message for the voice communication session to be sent, via the wireless transceiver, for authentication within the communication system; and
  
  engage in the voice communication session with the one or more mobile communication devices based on the authentication.
- View Dependent Claims (28, 29, 30, 31)
- - 28. The mobile communication device of claim 27, wherein the digital certificate comprises a first digital certificate, the private key comprises a first private key, and the public key comprises a first public key, and the one or more processors are further adapted to encrypt at least a portion of the request message with a second public key of a second digital certificate associated with a voice session server in the communication system which is adapted to facilitate the voice communication session.
  - 29. The mobile communication device of claim 27, wherein the digital certificate comprises a first digital certificate, the private key comprises a first private key, and the public key comprises a first public key, and the one or more processors are further adapted to encrypt at least a portion of the request message with a second public key of a second digital certificate associated with a private network associated with the mobile communication device.
  - 30. The mobile communication device of claim 27, wherein the request message further comprises one or more identifiers associated with the one or more mobile communication devices.
  - 31. The mobile communication device of claim 27, wherein the request message further comprises a chat group identifier associated with a chat group for the voice communication session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Blackberry Limited
Original Assignee
Blackberry Limited
Inventors
Estable, Luis, Mousseau, Gary

Application Number

US11/317,486
Publication Number

US 20070150723A1
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/101   Access control lists [ACL]

H04L 65/1016   IP multimedia subsystem [IMS]

H04L 65/4061   Push-to services, e.g. push...

H04W 12/06   Authentication

H04W 12/71   Hardware identity

Methods and apparatus for increasing security and control of voice communication sessions using digital certificates

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

80 Citations

31 Claims

Specification

Use Cases

Quick Links

Others

Methods and apparatus for increasing security and control of voice communication sessions using digital certificates

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

80 Citations

31 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others