Method for providing a symmetric key for protecting a key management protocol

US 20100034384A1
Filed: 09/24/2007
Published: 02/11/2010
Est. Priority Date: 09/28/2006
Status: Active Grant

First Claim

Patent Images

1-15. -15. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Cryptographic material is generated for a protocol for the encrypted transmission of media data between a subscriber device and a provider device. A first symmetric key of the subscriber device and the provider device is inserted in a symmetric key protection mechanism of a network protocol of a control layer to establish a communication session between the subscriber device and the provider device. A first time-variable parameter is transmitted from the provider device to the subscriber device. A second symmetric key for protecting the key management protocol is calculated by both the provider device and the subscriber device using a defined function depending at least on the first symmetric key and the first time-variable parameter.

Citations

29 Claims

1-15. -15. (canceled)

16. A method for providing a symmetric key for protecting a key management protocol, by which cryptographic material is generated for a protocol for encrypted transmission of media data between user equipment and provider equipment, comprising:
- providing a first symmetric key to the user equipment and the provider equipment, the first symmetric key used in a protection mechanism of a network protocol of a control layer based on symmetric keys to establish a communication session between the user equipment and the provider equipment;
  
  transmitting a first time-variable parameter from the provider equipment to the user equipment;
  
  deriving a second time-variable parameter respectively by the user equipment and the provider equipment from the first time-variable parameter;
  
  computing a second symmetric key for protection of the key management protocol by the provider equipment using the second time-variable parameter and a predefined function depending on at least the first symmetric key and the first time-variable parameter; and
  
  computing the second symmetric key by the user equipment using the second time-variable parameter and the predefined function depending on at least the first symmetric key and the first time-variable parameter.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 17. The method as claimed in claim 16,wherein the protocol for encrypted transmission of the media data is a Secure Real-Time Transport Protocol, and/orwherein the key management protocol is Multimedia Internet Keying, and/orwherein the protection mechanism is an authentication and/or integrity protocol provided by the HTTP Digest protocol, and/orwherein the network protocol for establishing the communication link is a Session Initiation Protocol, and/orwherein the cryptographic material features a main key for derivation of session keys and cryptographic context.
  - 18. The method as claimed in claim 17, wherein the key management protocol is used in the control layer and/or in a media layer.
  - 19. The method as claimed in claim 18, further comprising:
    - generating a third time-variable parameter by the user equipment;
      
      transmitting the third time-variable parameter from the user equipment to the provider equipment;
      
      computing by the provider equipment the second symmetric key depending on the first symmetric key, the first time-variable parameter and the third time-variable parameter received from the user equipment; and
      
      computing by the user equipment the second symmetric key depending on the first symmetric key, the first time-variable parameter and the third time-variable parameter.
  - 20. The method as claimed in claim 19, wherein the first time-variable parameter is a Number-Used-Once and the second time-variable parameter is a Client-Defined-Number-Used-Once and the third time-variable parameter is a Number-Used-Once-Count of an HTTP-Digest protocol.
  - 21. The method as claimed in claim 20, wherein the predefined function includes first and second subfunctions, with the first subfunction having at least the first symmetric key and the first time-variable parameter as input parameters and the second subfunction having at least a result of the first subfunction and the second time-variable parameter as input parameters.
  - 22. The method as claimed in claim 21, wherein the user equipment and the provider equipment at least partly embody an Internet Protocol Multimedia Subsystem.
  - 23. The method as claimed in claim 22, wherein the provider equipment of the Internet Protocol Multimedia Subsystem includes at least one ofa proxy functionality unit coupled to the user equipment;
    - an interrogation functionality unit coupled to the proxy functionality unit;
      
      a server functionality unit coupled to the interrogation functionality unit; and
      
      a Home Subscriber Server unit coupled to the server functionality unit and storing at least the first symmetric key.
  - 24. The method as claimed in claim 23, wherein the HTTP Digest protocol is executed between the user equipment and the server functionality unit.
  - 25. The method as claimed in claim 24, wherein the first subfunction is executed by the server functionality unit, the result of the first subfunction is transmitted from the server functionality unit to the proxy functionality unit, the second time-variable parameter is received by the proxy functionality unit and the second subfunction is executed by the proxy functionality unit.
  - 26. The method as claimed in claim 23, wherein the HTTP Digest protocol is executed between the user equipment and the Home Subscriber Server unit.
  - 27. The method as claimed in claim 26, wherein the first subfunction is executed by the Home Subscriber Server unit, the result of the first subfunction is transmitted from the Home Subscriber Server unit to the proxy functionality unit, the second time-variable parameter is received by the proxy functionality unit and the second subfunction is executed by the proxy functionality unit.
  - 28. The method as claimed in claim 23, wherein the user equipment has a Session Initiation Protocol-based subscription with the provider equipment.

29. A method for encryption of media data between user equipment and provider equipment, comprising:
- providing, to the user equipment and the provider equipment, a first symmetric key used in a protection mechanism of a network protocol of a control layer based on symmetric keys to establish a communication session between the user equipment and the provider equipment;
  
  transmitting a first time-variable parameter from the provider equipment to the user equipment;
  
  computing, by the provider equipment, a second symmetric key for protection of the key-management protocol, using a predefined function depending on at least the first symmetric key and the first time-variable parameter; and
  
  computing, by the user equipment, the second symmetric key based on the predefined function depending on at least the first symmetric key and the first time-variable parameter;
  
  encrypting, by the user equipment or provider equipment, the media data depending on the second symmetric key to produce encrypted media data;
  
  transmitting the encrypted media data;
  
  receiving the encrypted media data by the provider equipment or user equipment; and
  
  decrypting, by the provider equipment or the user equipment, the encrypted media data using the second symmetric key provided.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Siemens AG
Original Assignee
Siemens AG
Inventors
Thiruvengadam, Srinath, Bücker, Wolfgang, Horn, Günther

Granted Patent

US 8,488,795 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/262
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/0442   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 9/0838   Key agreement, i.e. key est...

Method for providing a symmetric key for protecting a key management protocol

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Method for providing a symmetric key for protecting a key management protocol

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links