DEVICE AUTHENTICATION AND SECURE CHANNEL MANAGEMENT FOR PEER-TO-PEER INITIATED COMMUNICATIONS
First Claim
1. A method of establishing a secure communication channel between devices in an Internet Protocol (IP) network, comprising:
in a session established in accordance with a peer-to-peer signaling protocol, providing a private key to an authenticated device; and
in a further session established in accordance with the peer-to-peer signaling protocol, providing a complementary public key to an authenticated client requesting secure access to the device, the private key and complementary public key permitting a key exchange between the authenticated device and the authenticated client, to establish the secure communication channel therebetween.
1 Assignment
0 Petitions
Abstract
A method and system for providing secure access to a device initiating communications using a peer-to-peer signaling protocol, such as SIP or H.323. In a device registration phase, the device contacts a secure access server and authenticates to it by providing an identification, such as its factory ID. The secure access server then issues a device ID and private key to the authenticated device. A client can then initiate a further communication session and be authenticated by the secure access server. The secure access server returns the device identification and the device's public key to the client. The client and device can then perform a symmetrical key exchange for their current communication session, and can communicate with appropriate encryption. The device's private key can be set to expire after one or more uses.
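The two phases summarised in the abstract (and restated in independent claims 1, 14, 23, 33 and 41) can be illustrated end to end. The following is an added example, not code from the patent or its assignee: it models the secure access server, a device agent and a client agent in one process, skipping the SIP/H.323 signaling itself. The asymmetric primitive (finite-field Diffie-Hellman with the device's private exponent as the issued private key), the key-derivation step (HMAC-SHA256), the stand-in modulus, the factory-ID allow-list and the client credentials are all assumptions chosen for the example; the patent specifies none of them.

```python
"""Registration / secure-access flow, as an illustration of the abstract above.

Assumptions (not from the patent):
  * asymmetric pair = finite-field Diffie-Hellman: private x, public g^x mod p
  * modulus P is a stand-in (the prime 2**255 - 19); a deployment would use a
    standardized group such as RFC 3526 or RFC 7919
  * session key = HMAC-SHA256 over the shared secret, bound to both public values
"""
import hashlib
import hmac
import secrets

P = 2**255 - 19   # stand-in prime modulus (constructed choice, see docstring)
G = 2             # stand-in generator


def derive_session_key(shared_secret: int, device_pub: int, client_pub: int) -> bytes:
    """Symmetric key for the current session (assumed KDF: HMAC-SHA256)."""
    salt = device_pub.to_bytes(32, "big") + client_pub.to_bytes(32, "big")
    return hmac.new(salt, shared_secret.to_bytes(32, "big"), hashlib.sha256).digest()


class SecureAccessServer:
    """Authenticates devices and clients; issues device IDs and key pairs."""

    def __init__(self, factory_ids: set, client_credentials: dict, max_uses: int = 1):
        self._factory_ids = factory_ids      # constructed allow-list of factory IDs
        self._clients = client_credentials   # constructed client name -> secret map
        self._devices = {}                   # device_id -> device public key
        self._next_id = 1
        self.max_uses = max_uses             # uses before the private key expires

    def register_device(self, factory_id: str):
        """Registration phase: factory ID in, (device ID, private key, use budget) out."""
        if factory_id not in self._factory_ids:
            raise PermissionError("device authentication failed")
        private = secrets.randbelow(P - 2) + 1
        device_id = f"dev-{self._next_id:04d}"
        self._next_id += 1
        self._devices[device_id] = pow(G, private, P)   # server keeps only the public key
        return device_id, private, self.max_uses

    def lookup_device(self, client_name: str, client_secret: str, device_id: str):
        """Access phase: authenticated client receives the device ID and public key."""
        expected = self._clients.get(client_name)
        if expected is None or not hmac.compare_digest(expected, client_secret):
            raise PermissionError("client authentication failed")
        if device_id not in self._devices:
            raise KeyError("unknown device")
        return device_id, self._devices[device_id]


class DeviceAgent:
    """Holds the issued private key and refuses to use it once it has expired."""

    def __init__(self, device_id: str, private_key: int, max_uses: int):
        self.device_id = device_id
        self._private = private_key
        self._public = pow(G, private_key, P)
        self._uses_left = max_uses

    def key_exchange(self, client_pub: int) -> bytes:
        """Device side of the exchange; each call consumes one use of the private key."""
        if self._uses_left <= 0:
            raise RuntimeError("private key expired; device must re-register")
        self._uses_left -= 1
        shared = pow(client_pub, self._private, P)
        return derive_session_key(shared, self._public, client_pub)


class ClientAgent:
    def __init__(self, name: str, secret: str):
        self.name, self._secret = name, secret

    def open_secure_channel(self, server: SecureAccessServer, device: DeviceAgent):
        """Client side: authenticate to the server, fetch the device's public key,
        then run an ephemeral exchange with the device. Returns (client_key, device_key)
        so the two derivations can be compared; in a real deployment only the client
        key would exist on the client."""
        _, device_pub = server.lookup_device(self.name, self._secret, device.device_id)
        ephemeral = secrets.randbelow(P - 2) + 1
        client_pub = pow(G, ephemeral, P)
        device_key = device.key_exchange(client_pub)          # sent over the P2P session
        client_key = derive_session_key(pow(device_pub, ephemeral, P), device_pub, client_pub)
        return client_key, device_key


def run_flow(max_uses: int = 1):
    """Constructed end-to-end run: one device registers, one client connects."""
    server = SecureAccessServer({"FACTORY-0001"}, {"alice": "constructed-secret"}, max_uses)
    device = DeviceAgent(*server.register_device("FACTORY-0001"))
    client = ClientAgent("alice", "constructed-secret")
    return client.open_secure_channel(server, device)


if __name__ == "__main__":
    client_key, device_key = run_flow()
    print("session keys match:", client_key == device_key)
```

Only the registered device can turn the client's ephemeral value into the same session key, so the key exchange doubles as device authentication toward the client; binding both public values into the KDF input keeps a session key from being reused across sessions. The use counter on the device agent is the abstract's "expire after one or more uses": once it reaches zero the device must re-register and obtain a fresh key pair.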
349 Citations
49 Claims
1. See First Claim above. Dependent claims: 2-13.

14. A method of securely accessing a device in a communication session established according to a peer-to-peer signaling protocol, comprising:
initiating a communication session with a secure access server in accordance with the peer-to-peer signaling protocol; authenticating to the secure access server; retrieving a public key for the device from the secure access server; initiating a further communication session with the device in accordance with a peer-to-peer signaling protocol; and performing a key exchange with the device using the public key to establish a secure communication channel with the device. Dependent claims: 15-22.

23. A method for providing authentication of, and secure communication between, devices communicating over an IP network according to a peer-to-peer signaling protocol, comprising:
authenticating a device agent and providing it with a private key; authenticating a client agent and providing it with a public key, complementary to the private key; and in a communication session established between the client agent and the device agent according to the peer-to-peer signaling protocol, performing an encrypted key exchange to establish a secure tunnel therebetween. Dependent claims: 24-32.

33. A system for providing secure communication between devices initiating communication over an IP network according to a peer-to-peer signaling protocol, comprising:
a secure access server communicating with the devices via a server connected to the IP network, the secure access server having an authenticator to authenticate the devices and a key generation module to generate complementary asymmetric public and private keys in response to authentication of a device agent to the secure access server and to provide the private key to the device agent; and a client agent authenticated to, and provided with the public key by, the secure access server, the client agent for initiating a communication session with the device agent in accordance with the peer-to-peer signaling protocol, and, using the public key, performing a further key exchange therewith to establish a secure communication tunnel. Dependent claims: 34-40.

41. A system for authenticating devices and establishing a secure communication tunnel between them, comprising:
a server in communication with a public Internet Protocol (IP) network; a secure access server in communication with the server; a device agent, in communication with the server according to a peer-to-peer signaling protocol, to authenticate itself to the secure access server and to receive a private key from the secure access server; and a client agent, in communication with the server according to the peer-to-peer signaling protocol, to authenticate itself to the secure access server, to receive a complementary public key from the secure access server, and, using the public key, performing a further key exchange with the device agent to establish a secure communication tunnel. Dependent claims: 42-49.
Specification