Signing and validating session initiation protocol routing headers

US 7,535,905 B2
Filed: 03/31/2004
Issued: 05/19/2009
Est. Priority Date: 03/31/2004
Status: Active Grant

First Claim

Patent Images

1. A method of processing a Session Initiation Protocol (SIP) message, the method comprising:

receiving a SIP request at a SIP node, the SIP request including a message header including data indicative of network routing locations;

determining a RECORD-ROUTE header of the SIP request;

editing the data at the SIP node;

generating a signature based upon at least a portion of the message header including the edited data;

generating a SIP node header entry; and

inserting the signature into the SIP node header entry;

wherein generating the signature includes generating the signature based upon at least a portion of the RECORD-ROUTE header of the SIP request; and

wherein inserting the signature includes inserting the signature into a RECORD-ROUTE header of the SIP node.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, computer readable medium having computer executable instructions, and a computer readable medium having stored thereon a data structure for signing and validating Session Initiation Protocol (“SIP”) routing headers are disclosed. A SIP node may receive a SIP request including a message header. A signature based upon at least a portion of the message header and a SIP node header entry may be generated. The signature may then be inserted into the SIP node header entry.

99 Citations

View as Search Results

12 Claims

1. A method of processing a Session Initiation Protocol (SIP) message, the method comprising:
- receiving a SIP request at a SIP node, the SIP request including a message header including data indicative of network routing locations;
  
  determining a RECORD-ROUTE header of the SIP request;
  
  editing the data at the SIP node;
  
  generating a signature based upon at least a portion of the message header including the edited data;
  
  generating a SIP node header entry; and
  
  inserting the signature into the SIP node header entry;
  
  wherein generating the signature includes generating the signature based upon at least a portion of the RECORD-ROUTE header of the SIP request; and
  
  wherein inserting the signature includes inserting the signature into a RECORD-ROUTE header of the SIP node.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the SIP node header entry is an echoed header.
  - 3. The method of claim 1, wherein inserting the signature includes inserting the signature as a header parameter of the RECORD-ROUTE header of the SIP node.
  - 4. The method of claim 1, further comprising:
    - receiving a SIP response at the SIP node in reply to the SIP request, the SIP response comprising the RECORD-ROUTE header for the SIP node which includes a third received signature; and
      
      verifying the third received signature.
  - 5. The method of claim 1, further comprising:
    - determining a next link to a next SIP node to receive the SIP request; and
      
      determining if the next link to the next SIP node is an untrusted link, wherein generating the third signature includes only generating the third signature if the next link is an untrusted link.

6. A method of processing a Session Initiation Protocol (SIP) message, the method comprising:
- receiving a SIP request at a SIP node, the SIP request including a message header;
  
  generating a signature based upon at least a portion of the message header;
  
  generating a SIP node header entry, wherein the SIP node header entry is a VIA header;
  
  inserting the signature into the SIP node header entry;
  
  receiving a SIP response at the SIP node in reply to the SIP request, the SIP response comprising the VIA header for the SIP node, the VIA header including a first received signature;
  
  verifying the first received signature;
  
  determining a next link to a next SIP node to receive the SIP request; and
  
  determining if the next link to the next SIP node is an untrusted link, wherein generating the first signature includes only generating the first signature if the next link is an untrusted link.

7. A method of processing a Session Initiation Protocol (SIP) message, the method comprising:
- receiving a SIP request at a SIP node, the SIP request including a message header;
  
  generating a signature based upon at least a portion of the message header;
  
  generating a SIP node header entry;
  
  inserting the signature into the SIP node header entry;
  
  receiving a SIP response in reply to the SIP request, the SIP response including a response header;
  
  generating another signature based upon a RECORD-ROUTE header and a CONTACT header of the response header;
  
  inserting the other signature into a RECORD-ROUTE header of the SIP node of the response; and
  
  before generating the other signature, removing an existing signature from the SIP node header entry.

8. A computer storage medium having computer executable instructions for performing steps for processing messages in a pool of servers having a first server and a second server which are constructed and arranged to be interchangeably used to process messages in the same dialog, the steps comprising:
- identifying, at the first server, a public key and a private key;
  
  receiving, at the first server, a first message including a first header;
  
  generating a session key;
  
  encrypting the session key with the private key;
  
  generating, with the public key, a key signature based on the encrypted session key;
  
  inserting the key signature into the first header; and
  
  identifying a time stamp containing data representing a date and time of creation for the session key and appending the time stamp to the session key, wherein encrypting the session key includes encrypting the session key and the time stamp.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The computer storage medium of claim 8, further comprising:
    - identifying, at the second server, the public key and the private key;
      
      receiving, at the second server, a second message including a second header, the second header comprising the key signature;
      
      decrypting the key signature to determine the session key.
  - 10. The computer storage medium of claim 9, further comprising:
    - verifying at least a portion of the second message with the session key.
  - 11. The computer storage medium of claim 8, wherein the first message is a Session Initiation Protocol (SIP) message.
  - 12. The computer storage medium of claim 8, wherein the first server is a proxy server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Buch, Jeremy Thomas, Su, Jinyan, Narayanan, Sankaran, Eydelman, Vadim
Primary Examiner(s)
Orgad; Edan
Assistant Examiner(s)
Ahmed; Salman

Application Number

US10/815,232
Publication Number

US 20050220095A1
Time in Patent Office

1,875 Days
Field of Search

370/466, 370/389, 709/229, 709/246
US Class Current

370/392
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/126   the source of the received ...

H04L 63/1458   Denial of Service

H04L 65/1104   Session initiation protocol...

H04L 67/14   Session management for real...

H04L 69/22   Parsing or analysis of headers

H04L 69/329   in the application layer [O...

Signing and validating session initiation protocol routing headers

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

99 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Signing and validating session initiation protocol routing headers

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

99 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links