METHOD AND SYSTEM FOR INTEGRATING SECURITY MECHANISMS INTO SESSION INITIATION PROTOCOL REQUEST MESSAGES FOR CLIENT-PROXY AUTHENTICATION
Abstract
A method and system is provided to integrate the Kerberos security mechanism into the message flow of the signaling operation under the Session Initiation Protocol to allow a SIP client and a SIP proxy to authenticate each other. When the SIP proxy receives a request message, such as an INVITE request, from the SIP client, it responds with a challenge message indicating that authentication based on Kerberos is required. In response, the SIP client sends a second request message with a proxy authorization header containing authentication data, including a Kerberos server ticket for the proxy, to allow the proxy to authenticate the client's user.
48 Claims
1-28. (canceled)
29. A method of a Session Initiation Protocol (“SIP”) client for providing mutual authentication between the SIP client and a SIP proxy, comprising:
sending to the SIP proxy a first request;
receiving from the SIP proxy a first challenge to the first request that includes a SIP proxy security context;
in response to the SIP client receiving the first challenge, obtaining from a distribution center a session key of the SIP proxy and a server ticket, the server ticket encrypted with a key of the SIP proxy and including authentication data of the SIP client; and
sending to the SIP proxy a second request signed using the session key and including the server ticket and a security context based on the SIP proxy security context;
receiving from the SIP proxy a first response to the second request; and
verifying that the first response was signed using the session key to authenticate the SIP proxy.
Dependent claims: 30, 31, 32, 33, 34, 35
36. A computer-readable medium having computer executable instructions for controlling a Session Initiation Protocol (“SIP”) proxy to provide mutual authentication with a SIP client, by a method comprising:
receiving a first request from the SIP client;
in response to the first request, sending to the SIP client a first challenge that includes a SIP proxy security context;
determining a session key of the SIP proxy with a distribution center;
receiving a second request from the SIP client that includes a server ticket;
in response to the second request, decrypting the server ticket of the second request using a key of the SIP proxy; and
when authentication data of the SIP client in the decrypted server ticket indicates that the SIP client is authentic, a security context included in the second request matches the SIP proxy security context, and the second request is signed by the session key, signing a response with the session key to establish authentication of the response and forwarding the signed response to the SIP client.
Dependent claims: 37, 38, 39, 40, 41, 42, 43, 44, 45
46. A computing system for providing mutual authentication between a Session Initiation Protocol (“SIP”) client and a SIP proxy, comprising:
a SIP client component that sends a first request to the SIP proxy;
in response to receiving from the SIP proxy a challenge to the first request, the challenge including a SIP proxy security context, obtains from a distribution center a session key of the SIP proxy and a server ticket, the server ticket encrypted with a key of the SIP proxy and including authentication data of the SIP client;
sends to the SIP proxy a second request signed using the session key and that includes the server ticket and a security context based on the SIP proxy security context;
receives from the SIP proxy a response to the second request; and
authenticates the SIP proxy by verifying that the response was signed using the session key; and
a SIP proxy component that upon receiving the first request from the SIP client, sends to the SIP client the challenge that includes the SIP proxy security context; and
creates the session key with the distribution center;
upon receiving the second request from the SIP client, decrypts the server ticket of the second request using the key of the SIP proxy; and
when authentication data of the SIP client in the decrypted server ticket indicates that the SIP client is authentic, the security context included in the second request matches the SIP proxy security context, and the second request is signed by the session key, generates the response by signing with the session key to establish authentication of the response; and
sends the response to the SIP client.
Dependent claims: 47, 48
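The proxy-side acceptance conditions of claim 36 and the client-side verification that closes claim 29, as an added sketch that is not taken from the patent. It assumes HMAC-SHA256 as the signature, a toy encrypt-then-MAC seal in place of Kerberos ticket encryption, and a session key carried inside the ticket as in Kerberos; all function names, the user "alice" and the message bodies are constructed.

```python
import hashlib, hmac, json, os

def sign(key, msg):                      # HMAC-SHA256 stands in for "signed using the session key"
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor(key, nonce, data):              # toy keystream cipher, NOT Kerberos encryption
    ks = b"".join(sign(key, b"enc" + nonce + bytes([i])) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):                      # encrypt-then-MAC under the proxy's long-term key
    nonce = os.urandom(16)
    ct = _xor(key, nonce, json.dumps(obj).encode())
    return nonce + ct + sign(key, b"mac" + nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, sign(key, b"mac" + nonce + ct)):
        return None                      # not encrypted with this proxy's key, or tampered
    return json.loads(_xor(key, nonce, ct))

def kdc_issue(proxy_key, user):          # distribution center: session key + server ticket
    sk = os.urandom(32)
    return sk, seal(proxy_key, {"user": user, "sk": sk.hex()})

def client_request(sk, ticket, ctx, body=b"INVITE (constructed)"):
    return {"body": body, "ctx": ctx, "ticket": ticket, "sig": sign(sk, ctx + body)}

def proxy_check(proxy_key, issued_ctx, req):   # claim 36: signed response, or None
    t = unseal(proxy_key, req["ticket"])
    if not t or not t.get("user"):
        return None                      # no authentic client data in the ticket
    sk = bytes.fromhex(t["sk"])
    if not hmac.compare_digest(req["ctx"], issued_ctx):
        return None                      # security context is not the one from the challenge
    if not hmac.compare_digest(req["sig"], sign(sk, req["ctx"] + req["body"])):
        return None                      # second request not signed with the session key
    return {"body": b"200 OK", "sig": sign(sk, issued_ctx + b"200 OK")}

def client_verify(sk, ctx, resp):        # claim 29, last step: authenticate the proxy
    return bool(resp) and hmac.compare_digest(resp["sig"], sign(sk, ctx + resp["body"]))

def demo():
    proxy_key, ctx = os.urandom(32), os.urandom(8).hex().encode()
    sk, ticket = kdc_issue(proxy_key, "alice")
    req = client_request(sk, ticket, ctx)
    return (client_verify(sk, ctx, proxy_check(proxy_key, ctx, req)),   # True
            proxy_check(proxy_key, b"stale-context", req),              # None
            proxy_check(os.urandom(32), ctx, req),                      # None: wrong proxy key
            client_verify(sk, ctx, {"body": b"200 OK", "sig": bytes(32)}))  # False
```

Binding the signature to the security context from the challenge is what makes a captured second request useless against a later challenge, and the signed response is what lets the client reject a proxy that never held the key the ticket was encrypted under.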
Specification