SYSTEMS AND METHODS FOR CONDUCTING SECURE VOIP MULTI-PARTY CALLS

US 20160352708A1
Filed: 05/29/2015
Published: 12/01/2016
Est. Priority Date: 05/29/2015
Status: Active Grant

First Claim

Patent Images

1. A method for performing a conference call on a server, the method comprising:

receiving an inbound communication from each of a plurality of participant devices in a conference call communication, each of the plurality of participant devices comprising a connection to an accessory device having a secure element configured to scramble and unscramble audio signals using participant key information stored therein, the inbound communication comprising scrambled media signals communicated from the accessory device at a participant endpoint of a secure media session and relayed by the participant device;

relaying the scrambled media signals from each inbound communication to a cryptographic interface with a plurality of server secure elements configured to unscramble and scramble audio signals at a server side endpoint of the secure media session with a corresponding one of the plurality of accessory devices using server key information maintained by the server secure element and not accessible by the server;

receiving an audio signal from the cryptographic interface generated by each of the plurality of server secure elements from each scrambled media signal received in the media sessions with the plurality of participant devices;

mixing the plurality of audio signals to generate conference call data to be communicated to all users as a mixed audio signal;

providing the mixed audio signal to the cryptographic interface for each of the plurality of server secure elements to scramble the mixed audio signal to generate a plurality of outbound scrambled media signals; and

communicating each outbound scrambled media signals as outbound communications to each of the plurality of participant devices.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System and method for establish secure conference calls. In one example system, a central conference call server establishes point-to-point connections with accessory devices comprising a secure element and connected to corresponding participant devices. The conference call server includes an interface to a plurality of secure elements configured to perform scrambling and unscrambling of media signals communicated to and from the accessory devices. In another example, one of the participant devices operates as the central conference call server. In other examples, participant devices communicate on a conference call via point-to-point connections between all accessory devices connected to the participant devices. The accessory devices include secure elements for decryption and encryption of media signals communicated between the accessory devices.

Citations

20 Claims

1. A method for performing a conference call on a server, the method comprising:
- receiving an inbound communication from each of a plurality of participant devices in a conference call communication, each of the plurality of participant devices comprising a connection to an accessory device having a secure element configured to scramble and unscramble audio signals using participant key information stored therein, the inbound communication comprising scrambled media signals communicated from the accessory device at a participant endpoint of a secure media session and relayed by the participant device;
  
  relaying the scrambled media signals from each inbound communication to a cryptographic interface with a plurality of server secure elements configured to unscramble and scramble audio signals at a server side endpoint of the secure media session with a corresponding one of the plurality of accessory devices using server key information maintained by the server secure element and not accessible by the server;
  
  receiving an audio signal from the cryptographic interface generated by each of the plurality of server secure elements from each scrambled media signal received in the media sessions with the plurality of participant devices;
  
  mixing the plurality of audio signals to generate conference call data to be communicated to all users as a mixed audio signal;
  
  providing the mixed audio signal to the cryptographic interface for each of the plurality of server secure elements to scramble the mixed audio signal to generate a plurality of outbound scrambled media signals; and
  
  communicating each outbound scrambled media signals as outbound communications to each of the plurality of participant devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising:
    - receiving a request to initiate a secure communication connection from each one of the plurality of participant devices;
      
      establishing the secure media sessions between the accessory devices connected to each participant device and a corresponding one of the plurality of server secure elements in response to each request to initiate the secure connection by relaying key information from each accessory device to each corresponding server secure element.
  - 3. The method of claim 2 where, in the step of establishing the secure media session, each server secure element performs a key exchange method to generate a server decryption key to unscramble the scrambled media portions from the corresponding accessory device and a server encryption key to scramble the mixed audio signal for unscrambling by the corresponding accessory device.
  - 4. The method of claim 3 where the key exchange method is performed using the Diffie-Hellman key exchange method.
  - 5. The method of claim 1 further comprising:
    - receiving a request to initiate a secure communication connection from each one of the plurality of participant devices, the request from each participant device comprising a global key;
      
      authenticating the global key by determining if the global key is valid for use to participate in a conference call on a conference call server that received the request.
  - 6. The method of claim 5 where the step of authenticating the global key further comprises determining if the global key is valid for a time and day on which the request is received.
  - 7. The method of claim 5 further comprising:
    - receiving a request for a global key from one of the participant devices for participation in conference call conducted using the conference call server;
      
      retrieving the global key from a key management database;
      
      sending the global key to the requesting participant device.
  - 8. The method of claim 1 further comprising:
    - receiving a request to initiate a secure communication connection from each one of the plurality of participant devices, the request from each participant device comprising a segment key indicative of a group to which the user of the participant device belongs;
      
      authenticating the segment key by determining if the segment key is valid for use to participate in a conference call on a conference call server that received the request.
  - 9. The method of claim 8 further comprising before the step of receiving the request to initiate the secure communication:
    - receiving a request for a segment key from one of the participant devices corresponding to a group which the user of the participant device belongs;
      
      retrieving the segment key from a key management database;
      
      sending the segment key to the requesting participant device.

10. A conference call server comprising:
- a communication interface configured to communicate over a data network with a plurality of participant devices, each participant device connected to an accessory device having audio input and output devices and a participant secure element for maintaining participant key information, where the communication interface communicates scrambled audio signals with each accessory device on a corresponding secure media session relayed by the associated participant device;
  
  a cryptographic interface connected to a plurality of server secure elements configured to scramble and unscramble audio signals communicated with the accessory devices connected to corresponding participant devices using server key information stored therein; and
  
  an audio mixer to mix audio signals from incoming scrambled audio signals unscrambled by the server secure element corresponding to the accessory devices connected to the plurality of participant devices to generate conference call data to be communicated to the users in the conference call as a mixed audio signal to provide to the cryptographic interface;
  
  where the cryptographic interface generates a scrambled mixed audio signal provided by each server secure element to communicate via the communication interface to each participant device to relay to its associated accessory device.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. The conference call server of claim 10 where the cryptographic interface comprises a hardware interface to the plurality of server secure elements, which comprise a plurality of hardware secure modules.
  - 12. The conference call server of claim 11 where the plurality of hardware secure modules comprises a plurality of microSD cards each configured as a secure element.
  - 13. The conference call server of claim 11 where the hardware interface to the plurality of server secure elements is selected from a group consisting of:
    - smart card interface, ball grid array (“
      
      BGA”
      
      ) interface, a surface mount device (“
      
      SMD”
      
      ) interface, or a printed circuit board interface.
  - 14. The conference call server of claim 10 where the server key information in each server secure element comprises a server encryption key and a server decryption key generated using a key exchange method performed during initiation of the scrambled media session using key information received from the participant secure element in the accessory device connected in the media session with the server secure element, where the server decryption key is used to unscramble the scrambled audio signals from the corresponding accessory device and the server encryption key is used to scramble the mixed audio signal for unscrambling by the corresponding accessory device.
  - 15. The conference call server of claim 14 where the key exchange method is performed using the Diffie Hellman key exchange method.
  - 16. The conference call server of claim 10 further comprising:
    - a participant device authentication module to authenticate a global participant key provided by the participant device during initiation of a secure connection to the conference call server.
  - 17. The conference call server of claim 16 where the participant device authentication module is configured to validate a date and time associated with the global participant key and to deny authentication if the date and time is not valid for the global participant key.
  - 18. The conference call server of claim 16 where the participant device authentication module is configured to validate a segment key provided by the participant device during initiation of the secure connection to the conference call server, the segment key indicative of a group identity of the user of the participant device.
  - 19. The conference call server of claim 16 further comprising:
    - a key management database configured to maintain the global participant key and to provide the global participant key to one of the participant devices during a registration process performed by the participant device.
  - 20. The conference call server of claim 19 where the key management database further maintains a segment key having a value indicative of a group identity, where the key management database is configured to provide the segment key to one of the participant devices during the registration process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nagravision SA (Kudelski SA)
Original Assignee
Nagravision SA (Kudelski SA)
Inventors
Fer, Francois, Macchetti, Marco, Gauteron, Laurent, Perrine, Jerome

Granted Patent

US 10,122,767 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/22   Indexing; Data structures t...

H04L 63/06   for supporting key manageme...

H04L 63/065   for group communications cr...

H04L 65/1104   Session initiation protocol...

H04L 65/403   Arrangements for multi-part...

H04L 65/765   intermediate

H04M 7/006   Networks other than PSTN/IS...

H04W 12/04   Key management, e.g. using ...

H04W 12/08   Access security

H04W 12/61   Time-dependent

SYSTEMS AND METHODS FOR CONDUCTING SECURE VOIP MULTI-PARTY CALLS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR CONDUCTING SECURE VOIP MULTI-PARTY CALLS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links