METHOD AND SYSTEM FOR KEY MANAGEMENT IN VOICE OVER INTERNET PROTOCOL
First Claim
1. A method, comprising:
- computing keying material from a previously-stored shared secret value and a random cryptographic keying material for a VOIP communication session;
generating a session key from the keying material for encrypting the VOIP communication session between the first user and the second user utilizing (a) a public key encryption key agreement scheme and, if a portion of key material received from the second user properly verified, (b) the previously stored shared secret;
computing and storing a new shared secret value; and
if the portion of key material received from the second user did not properly verify, enabling the first user to perform audible voice authentication.
0 Assignments
0 Petitions
Accused Products
Abstract
A method and system for a secure telephone protocol are disclosed, which can be implemented using current Voice over IP (VoIP) protocols, Session Initiation Protocol (SIP, as specified in the Request for Comment (RFC) 3261 from the Internet Engineering Task Force (IETF)), Real Time Transport Protocol (RTP, as specified in RFC 3550), and Secure RTP (SRTP, as specified in RFC 3711). The secure telephone protocol can include a shared secret value that is cached and then re-used later to authenticate a long series of session keys to be used for numerous separate secure phone calls over a long period of time, thereby providing cryptographic key continuity without the need for voice authentication. In an embodiment, the secure telephone protocol can utilize the Diffie-Hellman key exchange during call setup, and AES for encrypting the voice stream.
-
Citations
7 Claims
-
1. A method, comprising:
-
computing keying material from a previously-stored shared secret value and a random cryptographic keying material for a VOIP communication session;
generating a session key from the keying material for encrypting the VOIP communication session between the first user and the second user utilizing (a) a public key encryption key agreement scheme and, if a portion of key material received from the second user properly verified, (b) the previously stored shared secret;
computing and storing a new shared secret value; and
if the portion of key material received from the second user did not properly verify, enabling the first user to perform audible voice authentication. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method, comprising:
during a VOIP communication between two users, performing call set up in a media layer comprising;
retrieving, for a first user, a previously-stored shared secret value corresponding to a second user;
computing a hash value for the first user using the previously stored shared secret value;
sending the hash value of a first user to a second user;
receiving, by the first user, a hash value from the second user;
verifying, by the first user, that the hash value received from the second user corresponds to the previously stored shared secret;
generating a session key for encrypting the VOIP communication session between the first user and the second user utilizing a public key encryption key agreement scheme and, if the hash value received from the second user properly verified, the previously stored shared secret;
computing and storing a new shared secret value;
if the hash value received from the second user did not properly verify, performing audible voice authentication.
-
7. A system, comprising:
-
means for retrieving a value for a previously stored shared secret of a first user;
means for computing a hash value for the first user using the previously stored shared secret;
means for sending the hash value of a first user to a second user;
means for receiving, by the first user, a hash value from the second user;
means for verifying, by the first user, the hash value received from the second user;
means for generating a session key for encrypting a VOIP communication session between the first user and the second user utilizing a public key encryption key agreement scheme and the previously stored shared secret value;
means for computing a new shared secret value;
means for performing audible voice authentication if the hash value received from the second user did not properly verify; and
means for storing the new shared secret value if voice authentication succeeded;
wherein the system is physically located apart from the apparatus utilized for the VOIP communication session between the users.
-
Specification