END-TO-END AUTHENTICATION OF SESSION INITIATION PROTOCOL MESSAGES USING CERTIFICATES

US 20080046745A1
Filed: 05/17/2007
Published: 02/21/2008
Est. Priority Date: 05/17/2002
Status: Active Grant

First Claim

Patent Images

1-48. -48. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

End-to-end authentication capability based on public-key certificates is combined with the Session Initiation Protocol (SIP) to allow a SIP node that receives a SIP request message to authenticate the sender of request. The SIP request message is sent with a digital signature generated with a private key of the sender and may include a certificate of the sender. The SIP request message my also be encrypted with a public key of the recipient. After receiving the SIP request, the receiving SIP node obtains a certificate of the sender and authenticates the sender based on the digital signature. The digital signature may be included in an Authorization header of the SIP request, or in a multipart message body constructed according to the S/MIME standard.

69 Citations

View as Search Results

70 Claims

1-48. -48. (canceled)

49. A method for transmitting information from a sending device to a receiving device using a protocol for establishing a session between the devices, the method comprising:
- encrypting the information using a public key of a receiver of the receiving device;
  
  signing the encrypted information using a private key of a sender of the sending device;
  
  adding the signed encrypted information to a message of the protocol; and
  
  sending from the sending device to the receiving device the message with the signed encrypted information wherein upon receiving the message, the receiving device can verify using the public key of the sender that the encrypted information was signed by the sender and can decrypt the information using the private key of the receiver.
- View Dependent Claims (50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66)
- - 50. The method of claim 49 wherein the information is a symmetric key.
  - 51. The method of claim 50 wherein the symmetric key is used to encrypt a message sent between the sending device and the receiving device.
  - 52. The method of claim 51 wherein the encrypted message is part of a session established using the protocol for establishing a session.
  - 53. The method of claim 52 wherein the established session is for instant messaging.
  - 54. The method of claim 52 wherein the established session is for sending a media stream.
  - 55. The method of claim 52 wherein the established session is for video conferencing.
  - 56. The method of claim 52 wherein the established session is for sending audio data.
  - 57. The method of claim 51 wherein the encrypted message is a message used in establishing the session.
  - 58. The method of claim 50 wherein the message is a request message inviting the receiving device to participate in the session.
  - 59. The method of claim 50 wherein the message is a response message responding to a request message of the protocol.
  - 60. The method of claim 50 wherein the protocol is the Session Initiation Protocol.
  - 61. The method of claim 50 wherein the receiving device obtains the public key of the sender from a certificate authority.
  - 62. The method of claim 50 wherein the message includes a chain of certificates issued by certificate authorities.
  - 63. The method of claim 49 wherein the information is used for secure communications using a different protocol.
  - 64. The method of claim The method of claim 49 wherein the information is a secret to be shared between the sending device and the receiving device.
  - 65. The method of claim 62 wherein the secret is randomly generated.
  - 66. The method of claim 49 wherein the message is sent via a first communications network and the information of the message is used for secure communications on a second communications network.

67. A computer-readable medium containing instructions for transmitting a symmetric key between a first device and a second device using a protocol for establishing a session between the devices, comprising:
- instructions for transmitting the symmetric key from the first device to the second device by encrypting the symmetric key using a public key associated with the second device, signing the encrypted symmetric key using a private key associated with the first device, adding the signed encrypted symmetric key to a message of the protocol, and sending from the first device to the second device the message with the signed encrypted symmetric key; and
  
  instructions for receiving the symmetric key sent from the second device to the first device by receiving a message having a symmetric key encrypted using a public key associated with the first device and signed using a private key associated with the second device, verifying using a public key associated with the second device that the encrypted symmetric key of the message was signed using the private key associated with the second device, and decrypting the symmetric key of the received message using the private key associated with the first device.
- View Dependent Claims (68, 69)
- - 68. The computer-readable medium of claim 67 wherein the first device and the second device use the symmetric key to encrypt information transmitted during an established session.
  - 69. The computer-readable medium of claim 67 wherein the first device obtains the public key associated with the second device from a certificate authority.

70. A computing system for transmitting a symmetric key between a first device and a second device using a protocol for establishing a session between the devices, comprising:
- a transmission component that transmits a symmetric key from the first device to the second device by encrypting the symmetric key using a public key of a user of the second device, encrypting at least a portion of the encrypted symmetric key using a private key of a user of the first device, adding the encrypted symmetric key to a message of the protocol, and sending from the first device to the second device the message using the encrypted symmetric key;
  
  a receiving component that receives a symmetric key sent from the second device to the first device by receiving a message having the symmetric key encrypted with a public key of a user of the first device and at least a portion of the encrypted symmetric key encrypted with a private key of a user of the second device, decrypting the at least a portion of the encrypted symmetric key using a public key of the user of the second device to verify that the encrypted symmetric key of the message was encrypted using the private key of the user of the second device, and decrypting the symmetric key of the message using the private key of the user of the first device; and
  
  a session component that uses the symmetric key to encrypt and decrypt information transmitted during an established session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Simons, David, Buch, Jeremy

Granted Patent

US 8,307,421 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/126   the source of the received ...

H04L 65/1101   Session protocols

H04L 65/1104   Session initiation protocol...

END-TO-END AUTHENTICATION OF SESSION INITIATION PROTOCOL MESSAGES USING CERTIFICATES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

69 Citations

70 Claims

Specification

Solutions

Use Cases

Quick Links

END-TO-END AUTHENTICATION OF SESSION INITIATION PROTOCOL MESSAGES USING CERTIFICATES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

69 Citations

70 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links