Sending Secure Media Streams

US 20110093609A1
Filed: 02/20/2009
Published: 04/21/2011
Est. Priority Date: 06/16/2008
Status: Active Grant

First Claim

Patent Images

1. A method of sending a first secured media stream having a payload via an intermediate node, the method comprising:

at the intermediate node, receiving from a sender the first secured media stream;

determining for the first secured media stream an end-to-end cryptographic context identifier and a hop-by-hop cryptographic context identifier, the hop-by-hop cryptographic context identifier relating to the intermediate node and the end-to-end cryptographic identifier relating to the sender;

generating a second secured media stream, the second secured media stream including at least the payload of the first secured media stream and the cryptographic context identifiers to identify the first secured media stream;

sending the second secured media stream to a receiving node; and

sending the cryptographic context identifiers to the receiving node, the cryptographic context identifiers being usable by the receiving node to recover the first secured media stream.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for sending a first secured media stream having a payload via an intermediate node. The intermediate node receives from a sender the first secured media stream. An end-to-end context identifier and a hop-by-hop context identifier are determined for the first secured media stream, where the hop-by-hop context identifier relates to the intermediate node and the end-to-end identifier relates to the sender. A second secured media stream is generated, which includes at least the payload of the first secured media stream and the context identifiers to identify the first secured media stream. The second secured media stream is sent to a receiving node, and the context identifiers are also sent to the receiving node. The context identifiers are usable by the receiving node to recover the first secured media stream.

21 Citations

View as Search Results

15 Claims

1. A method of sending a first secured media stream having a payload via an intermediate node, the method comprising:
- at the intermediate node, receiving from a sender the first secured media stream;
  
  determining for the first secured media stream an end-to-end cryptographic context identifier and a hop-by-hop cryptographic context identifier, the hop-by-hop cryptographic context identifier relating to the intermediate node and the end-to-end cryptographic identifier relating to the sender;
  
  generating a second secured media stream, the second secured media stream including at least the payload of the first secured media stream and the cryptographic context identifiers to identify the first secured media stream;
  
  sending the second secured media stream to a receiving node; and
  
  sending the cryptographic context identifiers to the receiving node, the cryptographic context identifiers being usable by the receiving node to recover the first secured media stream.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1, further comprising:
    - at the intermediate node, receiving from a sender at least one further secured media stream;
      
      determining for the further secured media stream a further end-to-end cryptographic context identifier and a further hop-by-hop cryptographic context identifier, the further hop-by-hop cryptographic context identifier relating to the intermediate node and the further end-to-end cryptographic identifier relating to the sender;
      
      multiplexing at least the payloads of the first secured media stream and the further secured media stream using the cryptographic context identifiers to identify those portions of the secured multiplexed media stream relating to the first and further secured media stream respectively;
      
      sending the secured multiplexed media stream to the receiving node; and
      
      sending the further end-to-end cryptographic context identifiers and the further hop-by-hop cryptographic context identifiers to the receiving node, the cryptographic context identifiers being usable by the receiving node to demultiplex the secured multiplexed media stream.
  - 3. The method according to claim 1, wherein the end-to-end cryptographic context identifier is derived from a synchronization source used by the sender, and the hop-by-hop cryptographic context identifier is derived from a synchronization source used by the intermediate node.
  - 4. The method according to any claim 1, further comprising sending at least one of the cryptographic context identifiers in one of a Real-time Transport Protocol synchronization source, a Real-time Transport Protocol header extension and a Contributing Source identifier in a Real-time Transport Protocol header.
  - 5. The method according to any claim 1, further comprising sending at least one of the cryptographic context identifiers in one of a Real-time Transport Control Protocol Application packet and a PRIV field in a Secure Real-time Transport Protocol stream.
  - 6. The method according to claim 1, further comprising signalling at least one of the cryptographic context identifiers to the receiving node in a Secure Real-time Transport Protocol (SRTP) Master Key Identifier tag.
  - 7. The method according to claim 1, further comprising sending the end-to-end cryptographic context identifier in a designated field of a packet.
  - 8. The method according to, claim 1 further comprising, at the receiving node,receiving the cryptographic context identifiers;
    - receiving the secured media stream;
      
      using the cryptographic context identifiers to recover the secured media stream.
  - 9. The method according to claim 2, the method further comprising, at the receiving node:
    - receiving the cryptographic context identifiers and the further cryptographic context identifiers;
      
      receiving the secured multiplexed media stream;
      
      using the cryptographic context identifiers and further cryptographic context identifiers to demultiplex the secured multiplexed media stream.

10. An intermediate node for use in a communication network, the intermediate node comprising:
- a receiver for receiving from a sender a first secured media stream;
  
  a first context determining function for determining for the first secured media stream an end-to-end cryptographic context identifier and a hop-by-hop cryptographic context identifier, the hop-by-hop cryptographic context identifier relating to the intermediate node and the end-to-end cryptographic identifier relating to the sender;
  
  a processing function for generating a second secured media stream, the second secured media stream including at least the payload of the first secured media stream and the cryptographic context identifiers to identify the first secured media stream;
  
  a first transmitting function for transmitting the second secured media stream to a receiving node; and
  
  a second transmitting function for transmitting the cryptographic context identifiers to the receiving node, the cryptographic context identifiers being usable by the receiving node to recover the secured media stream.
- View Dependent Claims (11)
- - 11. The intermediate node according to claim 10, further comprising:
    - a further receiving function for receiving at least one further secured media stream;
      
      a further determining function for determining for the further secured media stream a further end-to-end cryptographic context identifier and a further hop-by-hop cryptographic context identifier, the further hop-by-hop cryptographic context identifier relating to the intermediate node and the further end-to-end cryptographic context identifier relating to the sender;
      
      a multiplexing function for multiplexing at least the payload of the first secured media stream and the further secured media stream using the cryptographic context identifiers to identify those portions of the secured multiplexed media stream relating to each secured media stream;
      
      wherein the first transmitting function is arranged to send the secured multiplexed media stream to the receiving node; and
      
      the second transmitting function is arranged to send the end-to-end cryptographic context identifiers and the hop-by-hop cryptographic context identifiers to the receiving node, the cryptographic context identifiers being usable by the receiving node to demultiplex the secured multiplexed media stream.

12. A receiving node for receiving a multiplexed secured media stream derived from a plurality of secured media streams, the receiving node comprising:
- a first receiver for receiving an end-to-end cryptographic context identifier and a hop-by-hop cryptographic context identifier, the end-to-end cryptographic context identifier relating to a sender, the hop-by-hop cryptographic context identifier relating to an intermediate node between a media data source and a receiver node, the cryptographic context identifiers used for multiplexing the plurality of secured media streams to identify those portions of the secured multiplexed media stream relating to each media stream;
  
  a second receiver for receiving the secured multiplexed media stream;
  
  a processor for using the cryptographic context identifiers to demultiplex the secured multiplexed media stream.

13-14. -14. (canceled)

15. A computer program product for sending a first secured media stream having a payload via an intermediate node, the computer program product comprising a computer readable storage medium having computer readable program code embodied in the medium, the computer readable program code comprising:
- computer readable program code configured to receive from a sender the first secured media stream at the intermediate node;
  
  computer readable program code configured to determine for the first secured media stream an end-to-end cryptographic context identifier and a hop-by-hop cryptographic context identifier, the hop-by-hop cryptographic context identifier relating to the intermediate node and the end-to-end cryptographic identifier relating to the sender;
  
  computer readable program code configured to generate a second secured media stream, the second secured media stream including at least the payload of the first secured media stream and the cryptographic context identifiers to identify the first secured media stream;
  
  computer readable program code configured to send the second secured media stream to a receiving node; and
  
  computer readable program code configured to send the cryptographic context identifiers to the receiving node, the cryptographic context identifiers being usable by the receiving node to recover the first secured media stream.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Mattsson, John, Norrman, Karl, Näslund, Mats, Blom, Rolf, Cheng, Yi

Granted Patent

US 8,966,105 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/231
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 65/65   Network streaming protocols...

H04L 65/765   intermediate

Sending Secure Media Streams

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

21 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Sending Secure Media Streams

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links