SECURE COMMUNICATION SESSION SETUP

US 20100138660A1
Filed: 12/03/2008
Published: 06/03/2010
Est. Priority Date: 12/03/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving an encrypted key generating value from a first device;

decrypting the encrypted key generating value;

generating a temporary session key associated with the first device based on the key generating value;

receiving a secure session invitation message from the first device;

generating a master session key;

encrypting the master session key using the temporary session key associated with the first device; and

transmitting the encrypted master session key to the first device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device receives an encrypted key generating value from a first device and decrypts the encrypted key generating value. A temporary session key associated with the first device is generated based on the key generating value. A secure session invitation message is received from the first device. A master session key is generated and encrypted using the temporary session key associated with the first device. The encrypted master session key is transmitted to the first device.

60 Citations

View as Search Results

25 Claims

1. A method comprising:
- receiving an encrypted key generating value from a first device;
  
  decrypting the encrypted key generating value;
  
  generating a temporary session key associated with the first device based on the key generating value;
  
  receiving a secure session invitation message from the first device;
  
  generating a master session key;
  
  encrypting the master session key using the temporary session key associated with the first device; and
  
  transmitting the encrypted master session key to the first device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the encrypted key generating value is encrypted using a public key associated with a server and wherein decrypting the encrypted key generating value comprises:
    - decrypting the encrypted key generating value using a private key associated with the server.
  - 3. The method of claim 1, wherein the encrypted key generating value is received within a secure session setup message.
  - 4. The method of claim 3, wherein the secure session setup message comprises a session initiation protocol (SIP) message.
  - 5. The method of claim 3, wherein the encrypted key generating value is received in a header of the secure session setup message.
  - 6. The method of claim 5, wherein the header of the secure session setup message comprises a session description protocol (SDP) header of a session initiation protocol (SIP) message.
  - 7. The method of claim 1, wherein the key generating value comprises a random number or a pseudorandom number.
  - 8. The method of claim 1, further comprising:
    - periodically receiving, at a registration server, a registration message from the first device; and
      
      transmitting a digital certificate to the first device in response to the registration message, where the digital certificate includes a public key associated with the registration server,wherein the encrypted key generating value is encrypted using the public key associated with the registration server.
  - 9. The method of claim 1, wherein the secure session invitation message designates a second device, the method further comprising:
    - receiving a second encrypted key generating value from the second device;
      
      decrypting the encrypted second key generating value;
      
      generating a second temporary session key associated with second first device based on the second key generating value;
      
      encrypting the master session key using the second temporary session key associated with the second device; and
      
      transmitting the encrypted master session key to the second device.
  - 10. The method of claim 9, further comprising:
    - generating a modified secure session invitation message to include the master session key encrypted using the second temporary session key associated with the second device; and
      
      transmitting the modified secure session invitation message to the second device.
  - 11. The method of claim 10, wherein the master session key encrypted using the temporary session key associated with the second device is included in a header of the modified secure session invitation message.
  - 12. The method of claim 9, further comprising:
    - receiving a session acceptance message from the second device;
      
      generating a modified session acceptance message to include the master session key encrypted using the temporary session key associated with the first device; and
      
      transmitting the modified session acceptance message to the first device.
  - 13. The method of claim 12, wherein the master session key encrypted using the temporary session key associated with the first device is included in a header of the modified session acceptance message.

14. A method, comprising:
- transmitting a register message to a voice over internet protocol (VoIP) server;
  
  receiving a public key associated with the VoIP server in response to the register message;
  
  generating a key generating value;
  
  encrypting the key generating value using the public key associated with the VoIP server;
  
  transmitting the encrypted key generating value to the VoIP server;
  
  generating a temporary session key based on the key generating value;
  
  performing one of;
  
  transmitting a session invitation message designating a called party device to the VoIP server;
  
  orreceiving a session invitation message designating a calling party device from the VoIP server;
  
  receiving an encrypted master session key;
  
  decrypting the encrypted master session key using the temporary session key; and
  
  using the decrypted master session key to secure a communication session with the called party device or the calling party device.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14, further comprising:
    - receiving a digital certificate associated with the VoIP server in response to the register message, wherein the digital certificate includes the public key;
      
      determining whether the digital certificate is authentic; and
      
      transmitting the encrypted key generating value to the VoIP server when it is determined that the digital certificate is authentic.
  - 16. The method of claim 14, wherein the public key is received in a header of a VoIP message responsive to the register message and wherein the encrypted key generating value is transmitted in a header of an acknowledgement message.
  - 17. The method of claim 14, wherein the encrypted master session key is received in a header of the session invitation message.
  - 18. The method of claim 14, further comprising:
    - receiving an acceptance message from the VoIP server following transmission of the session invitation message, wherein the encrypted master session key is received in a header of the acceptance message.

19. A system, comprising:
- a registration/proxy server connected to a first real time communication session device and a second real time communication session device,wherein the registration/proxy server is configured to;
  
  receive an encrypted first key generating value from the first real time communication session device;
  
  decrypt the encrypted first key generating value;
  
  generate a first temporary session key based on the first key generating value;
  
  receive a secure session invitation message;
  
  generate the master session key;
  
  encrypt the master session key based on the first temporary session key; and
  
  transmit the encrypted master session key based on the first temporary session key to the first real time communication session device.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The system of claim 19, wherein the first real time communication session device is configured to:
    - transmit an encrypted first key generating value to the registration/proxy server;
      
      generate a first temporary session key based on the first key generating value;
      
      receive an encrypted master session key from the registration/proxy server;
      
      decrypt the encrypted master session key using the first temporary session key; and
      
      conduct a secure real time communication session with the second real time communication session device using the master session key.
  - 21. The system of claim 19, wherein each of the encrypted first key generating value and the encrypted master session key are included in headers of respective session setup messages.
  - 22. The system of claim 19, wherein each of the encrypted first key generating value and the encrypted master session key are included in a session description protocol (SDP) portion of the headers of the respective session setup messages.
  - 23. The system of claim 19, wherein the second real time communication session device is configured to:
    - transmit an encrypted second key generating value to the registration/proxy server;
      
      generate a second temporary session key based on the second key generating value;
      
      receive a master session key encrypted based on the second temporary session key from the registration/proxy server;
      
      decrypt the encrypted master session key using the second temporary session key; and
      
      conduct the secure real time communication session with the second real time communication session device using the master session key.
  - 24. The system of claim 23, where the registration/proxy server is further configured to:
    - receive the encrypted second key generating value from the second real time communication session device;
      
      decrypt the encrypted second key generating value;
      
      independently generate the second temporary session key based on the second key generating value;
      
      encrypt the master session key based on the second temporary session key; and
      
      transmit the encrypted master session key based on the second temporary session key to the second real time communication session device.

25. A method, comprising:
- receiving a session invitation message from a first client device, the session invitation message including an encrypted first random session key in a header of the session invitation message;
  
  forwarding the session invitation message to a second client device;
  
  receiving a session acceptance message from the second client device, the session acceptance message including an encrypted second random session key in a header of the session acceptance message;
  
  generating a master session key;
  
  encrypting the master session key using the first random session key;
  
  modifying the header of the received session acceptance message to include the master session key encrypted using the first random session key;
  
  transmitting the modified session acceptance message to the first client device;
  
  receiving a session acknowledgement message from the first client device;
  
  encrypting the master session key using the second random session key;
  
  modifying a header of the received session acknowledgement message to include the master session key encrypted using the second random session key; and
  
  transmitting the modified session acknowledgement message to the second client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Corporate Resources Group LLC (Verizon Communications Inc.)
Inventors
Rados, Steven R., Haynes, Thomas W.

Granted Patent

US 8,990,569 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 9/083   involving central third par...

H04L 9/0844   with user authentication or...

H04L 9/3263   involving certificates, e.g...

SECURE COMMUNICATION SESSION SETUP

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

60 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE COMMUNICATION SESSION SETUP

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links