METHODS AND SYSTEMS FOR END-TO-END SECURE SIP PAYLOADS
Abstract
Methods, systems and communication nodes for protecting Session Initiation Protocol (SIP) message payloads are described. Different protection techniques can be used to protect SIP payloads depending upon, for example, whether a recipient client application resides in a user equipment or an application server and/or whether a recipient client application resides in a same SIP/IP domain as the target SIP application server which is sending the SIP payloads.
17 Claims
1. A method for protecting a Session Initiation Protocol (SIP) message payload transmitted between a target SIP application server toward a client application residing in one of a user equipment (UE) or in another SIP application server comprising:
determining whether said target SIP application server is associated with said client application's domain or with another domain which is different than said client application's domain;
if said target SIP application server is associated with said client application's domain and if said client application resides in said UE, then protecting said SIP message payload using a Generic Bootstrapping Architecture (GBA) key management protocol between said client application residing in said UE and said target SIP application server; and
if said target SIP application server is associated with said another domain or if said client application resides in said another SIP application server, then protecting said SIP message payload using a hop-by-hop key management protocol between said client application and said target SIP application server.
Dependent claims: 2, 3, 4, 5, 6, 7
8. An intermediate SIP server for routing SIP messages from a target SIP application server located in a first SIP/IP domain to a client application located in a second SIP/IP domain comprising:
an interface for receiving a first SIP message directed to said client application, said message including an encrypted SIP payload protection key from said target SIP application server; and
a processor for decrypting said encrypted SIP payload protection key with a secret key associated with said intermediate SIP server, re-encrypting said decrypted SIP payload protection key using a public key infrastructure (PKI) technique if said client application resides in an application server or a Generic Bootstrapping Architecture (GBA) technique if said client application resides in a user equipment, and transmitting said re-encrypted SIP payload protection key toward said application client.
9. The intermediate SIP server of claim 9, wherein said processor is further configured to verify a signature associated with said encrypted SIP payload protection key.
10. A target SIP application server which transmits SIP payloads toward application clients comprising:
an interface for receiving SIP messages requesting updates from said target SIP application server; and
a processor for generating and transmitting protected SIP payloads for transmission to client applications in response to said SIP messages, wherein said processor protects said SIP payloads using one of;
a public key infrastructure (PKI) technique for SIP payloads to be transmitted toward client applications which reside in an application server; and
a Generic Bootstrapping Architecture (GBA) technique for SIP payloads to be transmitted toward client applications which reside in a user equipment.
Dependent claims: 11, 12, 13, 17
14. A method for protecting SIP payload data comprising:
receiving SIP messages requesting updates from a target SIP application server;
protecting SIP payload data using one of;
a public key infrastructure (PKI) technique for SIP payloads to be transmitted toward client applications which reside in an application server; and
a Generic Bootstrapping Architecture (GBA) technique for SIP payloads to be transmitted toward client applications which reside in a user equipment; and
generating and transmitting said protected SIP payloads for transmission to client applications in response to said SIP messages.
Dependent claims: 15, 16
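The key re-wrapping performed by the intermediate SIP server of claims 8 and 9, as an added example that is not part of the patent text. It assumes RSA-OAEP with RSA signatures for the PKI case and AES-256-GCM under a random key standing in for a GBA-derived key; all function names and keys are hypothetical and constructed here.

```javascript
// Added illustration of claims 8 and 9; algorithms and names are assumptions.
const crypto = require('crypto');
const rsa = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Constructed keys: target server (signer), intermediate server, recipient
// application server, and a stand-in for the secret a UE would share via GBA.
const target = rsa(), intermediate = rsa(), clientAs = rsa();
const gbaKey = crypto.randomBytes(32);

// Target server: encrypt the payload protection key to the next hop and sign it.
function wrapForHop(payloadKey) {
  const wrapped = crypto.publicEncrypt(intermediate.publicKey, payloadKey);
  return { wrapped, sig: crypto.sign('sha256', wrapped, target.privateKey) };
}

// UE case: wrap under the GBA-derived key with an authenticated cipher.
function gbaWrap(key, payloadKey) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(payloadKey), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function gbaUnwrap(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // throws if the tag is wrong
}

// Intermediate server: verify the signature (claim 9), decrypt with its own
// key, then re-encrypt according to where the client resides (claim 8).
function rewrap({ wrapped, sig }, clientType) {
  if (!crypto.verify('sha256', wrapped, target.publicKey, sig)) {
    throw new Error('signature check failed; key not forwarded');
  }
  // The payload protection key is in plaintext on this hop from here on.
  const payloadKey = crypto.privateDecrypt(intermediate.privateKey, wrapped);
  if (clientType === 'application-server') {
    return { scheme: 'pki', wrapped: crypto.publicEncrypt(clientAs.publicKey, payloadKey) };
  }
  if (clientType === 'ue') return { scheme: 'gba', ...gbaWrap(gbaKey, payloadKey) };
  throw new Error('unknown client type');
}
```

Because the intermediate server holds the decrypted key between the two wraps, it has to be protected as carefully as either endpoint.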
Specification