END-TO-END AUTHENTICATION OF SESSION INITIATION PROTOCOL MESSAGES USING CERTIFICATES
Abstract
End-to-end authentication capability based on public-key certificates is combined with the Session Initiation Protocol (SIP) to allow a SIP node that receives a SIP request message to authenticate the sender of the request. The SIP request message is sent with a digital signature generated with a private key of the sender and may include a certificate of the sender. The SIP request message may also be encrypted with a public key of the recipient. After receiving the SIP request, the receiving SIP node obtains a certificate of the sender and authenticates the sender based on the digital signature. The digital signature may be included in an Authorization header of the SIP request, or in a multipart message body constructed according to the S/MIME standard.
70 Claims
1-48. (canceled)
49. A method for transmitting information from a sending device to a receiving device using a protocol for establishing a session between the devices, the method comprising:
encrypting the information using a public key of a receiver of the receiving device;
signing the encrypted information using a private key of a sender of the sending device;
adding the signed encrypted information to a message of the protocol; and
sending from the sending device to the receiving device the message with the signed encrypted information wherein upon receiving the message, the receiving device can verify using the public key of the sender that the encrypted information was signed by the sender and can decrypt the information using the private key of the receiver. - View Dependent Claims (50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66)
67. A computer-readable medium containing instructions for transmitting a symmetric key between a first device and a second device using a protocol for establishing a session between the devices, comprising:
instructions for transmitting the symmetric key from the first device to the second device by encrypting the symmetric key using a public key associated with the second device, signing the encrypted symmetric key using a private key associated with the first device, adding the signed encrypted symmetric key to a message of the protocol, and sending from the first device to the second device the message with the signed encrypted symmetric key; and
instructions for receiving the symmetric key sent from the second device to the first device by receiving a message having a symmetric key encrypted using a public key associated with the first device and signed using a private key associated with the second device, verifying using a public key associated with the second device that the encrypted symmetric key of the message was signed using the private key associated with the second device, and decrypting the symmetric key of the received message using the private key associated with the first device. - View Dependent Claims (68, 69)
70. A computing system for transmitting a symmetric key between a first device and a second device using a protocol for establishing a session between the devices, comprising:
a transmission component that transmits a symmetric key from the first device to the second device by encrypting the symmetric key using a public key of a user of the second device, encrypting at least a portion of the encrypted symmetric key using a private key of a user of the first device, adding the encrypted symmetric key to a message of the protocol, and sending from the first device to the second device the message using the encrypted symmetric key;
a receiving component that receives a symmetric key sent from the second device to the first device by receiving a message having the symmetric key encrypted with a public key of a user of the first device and at least a portion of the encrypted symmetric key encrypted with a private key of a user of the second device, decrypting the at least a portion of the encrypted symmetric key using a public key of the user of the second device to verify that the encrypted symmetric key of the message was encrypted using the private key of the user of the second device, and decrypting the symmetric key of the message using the private key of the user of the first device; and
a session component that uses the symmetric key to encrypt and decrypt information transmitted during an established session.
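The key transport recited in claim 67 (encrypt the symmetric key to the receiver, sign the ciphertext as the sender, verify and then decrypt on receipt) can be sketched as follows. This is an added example, not code from the patent; the choice of RSA-OAEP and RSA-PSS with SHA-256, the function names `SealKey`, `OpenKey` and `mustKey`, and the sample key are assumptions, and carrying the result in a SIP header or S/MIME body is left out.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// mustKey generates a throwaway RSA key pair standing in for a certificate key.
func mustKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// SealKey encrypts symKey to the receiver, then signs the ciphertext as the sender.
func SealKey(symKey []byte, recvPub *rsa.PublicKey, sendPriv *rsa.PrivateKey) ([]byte, []byte, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recvPub, symKey, nil)
	if err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, sendPriv, crypto.SHA256, digest[:], nil)
	return ct, sig, err
}

// OpenKey verifies the sender's signature first and decrypts only if it is valid.
func OpenKey(ct, sig []byte, sendPub *rsa.PublicKey, recvPriv *rsa.PrivateKey) ([]byte, error) {
	digest := sha256.Sum256(ct)
	if err := rsa.VerifyPSS(sendPub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, fmt.Errorf("sender signature rejected: %w", err)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, recvPriv, ct, nil)
}

func main() {
	sender, receiver := mustKey(), mustKey()
	symKey := []byte("0123456789abcdef0123456789abcdef") // constructed sample key
	ct, sig, err := SealKey(symKey, &receiver.PublicKey, sender)
	if err != nil {
		panic(err)
	}
	got, err := OpenKey(ct, sig, &sender.PublicKey, receiver)
	fmt.Println(string(got) == string(symKey), err)
}
```

The signature in this sketch covers only the ciphertext; it does not name the intended recipient or the session.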
Specification