System, Method and Apparatus for Providing Security in an IP-Based End User Device
First Claim
1. A method for providing security in an IP-based end user device, comprising the steps of:
monitoring an application layer, a TCP/IP layer and a datalink layer of the IP-based end user device;
whenever an incoming session is detected, determining whether the incoming session satisfies one or more session security parameters, accepting the incoming session whenever the session security parameter(s) are satisfied, and denying the incoming session whenever the session security parameter(s) are not satisfied; and
whenever an incoming packet is detected, determining whether the incoming packet satisfies one or more packet security parameters, processing the incoming packet whenever the packet security parameter(s) are satisfied, and dropping the incoming packet whenever the packet security parameter(s) are not satisfied.
Abstract
The present invention provides a system, method and apparatus for providing security in an IP-based end user device, such as personal computer clients, hard phones, soft phones, cellular phones, dual-mode phones, handheld communication devices, wireless communications devices and any other device capable of supporting real time IP-based applications. An application layer, a TCP/IP layer and a datalink layer of the IP-based end user device are monitored. Whenever an incoming session is detected and analyzed, the incoming session is accepted whenever one or more session security parameter(s) are satisfied and the incoming session is denied whenever the session security parameter(s) are not satisfied. Whenever an incoming packet is detected and analyzed, the incoming packet is processed whenever one or more packet security parameter(s) are satisfied and the incoming packet is dropped whenever the packet security parameter(s) are not satisfied.
22 Claims
1. A method for providing security in an IP-based end user device, comprising the steps of:
monitoring an application layer, a TCP/IP layer and a datalink layer of the IP-based end user device; whenever an incoming session is detected, determining whether the incoming session satisfies one or more session security parameters, accepting the incoming session whenever the session security parameter(s) are satisfied, and denying the incoming session whenever the session security parameter(s) are not satisfied; and whenever an incoming packet is detected, determining whether the incoming packet satisfies one or more packet security parameters, processing the incoming packet whenever the packet security parameter(s) are satisfied, and dropping the incoming packet whenever the packet security parameter(s) are not satisfied. (Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
17. A method for providing security in an IP-based end user device, comprising the steps of:
detecting whether one or more Internet Protocol Communication Security Devices (IPCS) are in a path from the IP-based end user device to a network server; and whenever the IPCS is detected, establishing a secure communication channel with the IPCS, negotiating one or more security keys with the IPCS, obtaining one or more system security parameters from the IPCS, and configuring the IP-based end user device with the obtained system security parameters; monitoring an application layer, a TCP/IP layer and a datalink layer of the IP-based end user device; whenever an incoming session is detected, determining whether the incoming session satisfies one or more session security parameters, accepting the incoming session whenever the session security parameter(s) are satisfied, and denying the incoming session whenever the session security parameter(s) are not satisfied; whenever an outgoing session is detected, determining whether the outgoing session satisfies the session security parameter(s), allowing the outgoing session whenever the session security parameter(s) are satisfied, and denying the outgoing session whenever the session security parameter(s) are not satisfied; whenever an incoming packet is detected, determining whether the incoming packet satisfies one or more packet security parameters, processing the incoming packet whenever the packet security parameter(s) are satisfied, and dropping the incoming packet whenever the packet security parameter(s) are not satisfied; whenever an outgoing packet is detected, determining whether the outgoing packet satisfies the packet security parameter(s), allowing the outgoing packet whenever the packet security parameter(s) are satisfied, and dropping the outgoing packet whenever the packet security parameter(s) are not satisfied; whenever a user interface command is detected, executing the user interface command; wherein the IP-based end user device comprises a mobile handset, a computer, a portable computer, a personal data assistant, a multimedia device or a combination thereof, wherein the session security parameter(s) and packet security parameters are used to detect a malformed message, a rogue media anomaly, a rogue signaling anomaly, a flood attack, a protocol anomaly, an ARP poison anomaly, a configuration change anomaly, a DNS hijack anomaly, a spam attack, a man-in-the-middle attack, a spoofing attack or a combination thereof, and the incoming and outgoing packet(s) comprise one or more data packets, voice packets, multimedia packets, signaling packets or a combination thereof.
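As an added illustration of the session and packet admission logic recited in claims 1 and 17, the following is example code written for this page, not the patent's embodiment. The parameter names, thresholds and packet fields are assumptions; the checks map to the claimed detections (rogue signaling peer, session and packet floods, malformed message, ARP poison anomaly, rogue media):

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class SessionParams:                 # session security parameters (assumed names)
    trusted_signaling_peers: frozenset   # addresses of the trusted proxy/registrar
    max_concurrent_sessions: int

@dataclass(frozen=True)
class PacketParams:                  # packet security parameters (assumed names)
    max_pkts_per_window: int         # per-source flood threshold
    window_s: float                  # sliding window length in seconds
    max_payload: int                 # larger payloads are treated as malformed
    arp_bindings: dict               # ip -> mac learned from a trusted source

class SecurityModule:
    """Device-side admission control: accept/deny sessions, process/drop packets."""
    def __init__(self, sp: SessionParams, pp: PacketParams):
        self.sp, self.pp = sp, pp
        self.active = set()                 # accepted session ids; media must match one
        self.recent = defaultdict(deque)    # src -> timestamps of recent packets
        self.events = []                    # (kind, subject, reason) audit trail

    def _reject(self, kind, subject, reason):
        self.events.append((kind, subject, reason))
        return False

    def on_session(self, peer, sid):
        """Incoming session: accept only if every session parameter is satisfied."""
        if peer not in self.sp.trusted_signaling_peers:
            return self._reject("session", sid, "rogue signaling peer")
        if len(self.active) >= self.sp.max_concurrent_sessions:
            return self._reject("session", sid, "session limit (flood)")
        self.active.add(sid)
        return True

    def on_packet(self, pkt, now):
        """Incoming packet: process only if every packet parameter is satisfied."""
        q = self.recent[pkt["src"]]
        while q and now - q[0] > self.pp.window_s:   # slide the window
            q.popleft()
        q.append(now)
        if len(q) > self.pp.max_pkts_per_window:
            return self._reject("packet", pkt["src"], "flood")
        if len(pkt.get("payload", b"")) > self.pp.max_payload:
            return self._reject("packet", pkt["src"], "malformed message")
        if pkt["proto"] == "arp":
            bound = self.pp.arp_bindings.get(pkt["sender_ip"])
            if bound and bound != pkt["sender_mac"]:
                return self._reject("packet", pkt["src"], "ARP poison anomaly")
        if pkt["proto"] == "rtp" and pkt.get("session") not in self.active:
            return self._reject("packet", pkt["src"], "rogue media anomaly")
        return True
```

The `events` list is the audit trail a handset would hand to the IPCS or a local log; every deny or drop records which parameter failed.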
18. A computer program embodied on a computer readable medium for providing security in an IP-based end user device, the computer program comprising:
a code segment for monitoring an application layer, a TCP/IP layer and a datalink layer of the IP-based end user device; a code segment for whenever an incoming session is detected, determining whether the incoming session satisfies one or more session security parameters, accepting the incoming session whenever the session security parameter(s) are satisfied, and denying the incoming session whenever the session security parameter(s) are not satisfied; and a code segment for whenever an incoming packet is detected, determining whether the incoming packet satisfies one or more packet security parameters, processing the incoming packet whenever the packet security parameter(s) are satisfied, and dropping the incoming packet whenever the packet security parameter(s) are not satisfied.
19. An IP-based communications apparatus comprising:
one or more processors comprising an application layer and a TCP/IP layer; one or more user interfaces connected to the processor(s); one or more communication interfaces connected to the processor(s) and comprising a physical layer and a datalink layer; one or more security modules that:
(a) monitor the application layer, the TCP/IP layer and the datalink layer;
(b) whenever an incoming session is detected, determine whether the incoming session satisfies one or more session security parameters, accept the incoming session whenever the session security parameter(s) are satisfied, and deny the incoming session whenever the session security parameter(s) are not satisfied; and
(c) whenever an incoming packet is detected, determine whether the incoming packet satisfies one or more packet security parameters, process the incoming packet whenever the packet security parameter(s) are satisfied, and drop the incoming packet whenever the packet security parameter(s) are not satisfied. (Dependent claims: 20, 21)
22. A system comprising:
a network server; an IP-based end user device communicably connected to the network server via a network and having one or more security modules that:
(a) monitor an application layer, a TCP/IP layer and a datalink layer;
(b) whenever an incoming session is detected, determine whether the incoming session satisfies one or more session security parameters, accept the incoming session whenever the session security parameter(s) are satisfied, and deny the incoming session whenever the session security parameter(s) are not satisfied; and
(c) whenever an incoming packet is detected, determine whether the incoming packet satisfies one or more packet security parameters, process the incoming packet whenever the packet security parameter(s) are satisfied, and drop the incoming packet whenever the packet security parameter(s) are not satisfied; and one or more Internet Protocol Communication Security Devices (IPCS) in a path from the IP-based end user device to the network server.
Specification