Authentication of SIP and RTP traffic
First Claim
1. A method for authenticating the source IP address of a Session Initiation Protocol (SIP) data packet sent over a network from a source having a source IP address to a destination, the method comprising:
- receiving the SIP data packet at the destination;
- decoding, at the destination, data of the received SIP data packet, including at least the source IP address of the received SIP data packet;
- encoding said data of the received SIP data packet into a cookie;
- sending, from the destination, an outgoing SIP message to the source IP address, wherein said outgoing SIP message contains said cookie and is configured to solicit a SIP response from the source;
- if the source does not respond to said outgoing SIP message, then designating the source IP address of the SIP data packet to be unauthenticated, otherwise;
- receiving, at the destination, said SIP response in reply to said outgoing SIP message;
- decoding, at the destination, data of said received SIP response, including at least said cookie and a sender IP address of said received SIP response;
- processing said data of said received SIP response to determine if said received SIP response is from the source IP address and is an authentic response to said outgoing SIP message; and
- if said received SIP response is from the source IP address and is an authentic response to said outgoing SIP message, then designating the source IP address of the SIP data packet to be authenticated.
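The challenge and verification steps of claim 1, sketched as an added example that is not taken from the patent or its specification. It assumes choices the claim does not specify: an HMAC-SHA256 cookie over the source IP and issue time, an OPTIONS request as the soliciting message, the Via branch parameter as the cookie carrier (SIP responses copy Via from the request per RFC 3261), and hypothetical names, key and lifetime.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-key"  # assumption: guard-local secret, rotated in practice
MAX_AGE = 32                      # assumption: seconds a challenge stays valid
MAGIC = "z9hG4bK"                 # RFC 3261 magic prefix required on every branch


def make_cookie(src_ip: str, now: int) -> str:
    """Encode the packet's source IP and issue time into a stateless cookie."""
    mac = hmac.new(SECRET, f"{src_ip}|{now}".encode(), hashlib.sha256).hexdigest()[:32]
    return f"{now:x}.{mac}"


def build_challenge(src_ip: str, now: int) -> str:
    """Outgoing SIP message that solicits a response and carries the cookie."""
    return (
        f"OPTIONS sip:{src_ip} SIP/2.0\r\n"
        f"Via: SIP/2.0/UDP guard.example.invalid;branch={MAGIC}{make_cookie(src_ip, now)}\r\n"
        "Max-Forwards: 70\r\n"
        f"To: <sip:{src_ip}>\r\n"
        "From: <sip:guard@guard.example.invalid>;tag=g1\r\n"
        "Call-ID: probe-1@guard.example.invalid\r\n"
        "CSeq: 1 OPTIONS\r\n"
        "Content-Length: 0\r\n\r\n"
    )


def simulated_200_ok(challenge: str) -> str:
    """Constructed stand-in for a real endpoint: echoes the Via header in a 200 OK."""
    via = next(line for line in challenge.split("\r\n") if line.startswith("Via:"))
    return f"SIP/2.0 200 OK\r\n{via}\r\nCSeq: 1 OPTIONS\r\nContent-Length: 0\r\n\r\n"


def verify_response(raw: str, sender_ip: str, now: int) -> bool:
    """True only if the echoed cookie was minted for this sender IP and is fresh."""
    m = re.search(rf"^Via:.*;branch={MAGIC}([0-9a-f]+)\.([0-9a-f]{{32}})", raw, re.M)
    if not raw.startswith("SIP/2.0 ") or m is None:
        return False
    issued = int(m.group(1), 16)
    if not 0 <= now - issued <= MAX_AGE:
        return False  # stale or future-dated cookie
    return hmac.compare_digest(make_cookie(sender_ip, issued), f"{m.group(1)}.{m.group(2)}")
```

Because the cookie is recomputed from the responder's IP address, the guard keeps no per-packet state, and a source that never answers simply never reaches the authenticated designation.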
Abstract
A method for authenticating communication traffic includes receiving a Session Initiation Protocol (SIP) data packet sent over a network from a source address to a destination address, sending an outgoing SIP message to the source address, receiving an incoming SIP message in response to the outgoing SIP message and processing the incoming SIP response message so as to assess authenticity of the received SIP data packet.
32 Claims
17. Apparatus for authenticating the source IP address of a Session Initiation Protocol (SIP) data packet sent over a network from a source having a source IP address to a destination, the apparatus comprising:
- a network interface, which is adapted to communicate with a network; and
- a guard processor, which is coupled to the network interface so as to receive a Session Initiation Protocol (SIP) data packet sent over the network from a source having a source IP address to a destination, and is adapted to:
  - receive the SIP data packet at the destination;
  - decode data of the received SIP data packet, including at least the source IP address of the received SIP data packet;
  - encode said data of the received SIP data packet into a cookie;
  - send an outgoing SIP message to the source IP address, wherein said outgoing SIP message contains said cookie and is configured to solicit a SIP response from the source;
  - designate the source IP address of the SIP data packet to be unauthenticated if the source does not respond to said outgoing SIP message; otherwise;
  - receive, at the destination, said SIP response;
  - decode data of said received SIP response, including at least said cookie and a sender IP address of said received SIP response;
  - process said data of said received SIP response to determine if said received SIP response is from the source IP address and is an authentic response to said outgoing SIP message; and
  - designate the source IP address of the SIP data packet as authenticated if said received SIP response is from the source IP address and is an authentic response to said outgoing SIP message.
Specification