Methods for secure and bandwidth efficient cryptographic synchronization
First Claim
1. A method in a transmitter for cryptographic synchronization of data packets, wherein said data packets are transmitted to a receiver using the Secure Real-Time Transport Protocol (SRTP) as defined in Internet Engineering Task Force (IETF) Request for Comments (RFC) 3711, said method comprising the steps of:
- receiving a data packet for transmission;
performing SRTP processing on said data packet except for integrity transform;
determining whether a packet sequence number for said data packet is evenly divisible by R, where R is an integer previously agreed to by said transmitter and said receiver; and
,if the packet sequence number is not evenly divisible by R;
completing SRTP processing on said data packet;
and,transmitting said data packet to said receiver;
if the packet sequence number is evenly divisible by R;
computing and appending a message authentication code (MAC) to said data packet, wherein said MAC is a function of an SRTP key associated with said data packet and a transmitter roll-over counter (ROC) value, said transmitter ROC value corresponding to a counter in said transmitter that is incremented whenever a sequence number counter in said transmitter rolls over;
appending said transmitter ROC value to said data packet;
completing SRTP processing on said data packet;
and,transmitting said data packet to said receiver.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods for cryptographic synchronization of data packets. A roll-over counter (ROC) value is periodically appended to and transmitted with a data packet when a function of the packet sequence number equals a predetermined value. The ROC effectively synchronizes the cryptographic transformation of the data packets. Although the disclosed methods are generally applicable to many transmission protocols, they are particularly adaptable for use in systems wherein the data packets are transmitted to a receiver using the Secure Real-Time Transport Protocol (SRTP) as defined in Internet Engineering Task Force (IETF) Request for Comments (RFC) 3711.
10 Citations
16 Claims
-
1. A method in a transmitter for cryptographic synchronization of data packets, wherein said data packets are transmitted to a receiver using the Secure Real-Time Transport Protocol (SRTP) as defined in Internet Engineering Task Force (IETF) Request for Comments (RFC) 3711, said method comprising the steps of:
-
receiving a data packet for transmission; performing SRTP processing on said data packet except for integrity transform; determining whether a packet sequence number for said data packet is evenly divisible by R, where R is an integer previously agreed to by said transmitter and said receiver; and
,if the packet sequence number is not evenly divisible by R; completing SRTP processing on said data packet; and, transmitting said data packet to said receiver; if the packet sequence number is evenly divisible by R; computing and appending a message authentication code (MAC) to said data packet, wherein said MAC is a function of an SRTP key associated with said data packet and a transmitter roll-over counter (ROC) value, said transmitter ROC value corresponding to a counter in said transmitter that is incremented whenever a sequence number counter in said transmitter rolls over; appending said transmitter ROC value to said data packet; completing SRTP processing on said data packet; and, transmitting said data packet to said receiver. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method in a receiver for cryptographic synchronization of data packets, wherein said data packets are received from a transmitter using the Secure Real-Time Transport Protocol (SRTP) as defined in Internet Engineering Task Force (IETF) Request for Comments (RFC) 3711, said method comprising the steps of:
-
receiving a data packet from said transmitter; performing SRTP processing on said data packet except SRTP key derivation; determining if a transmitter roll-over counter (ROC) value is appended to said data packet, wherein the presence of a transmitter ROC value is indicated if the packet sequence number is evenly divisible by R, where R is an integer previously agreed to by said transmitter and said receiver; if the data packet does not include a transmitter ROC value; performing standard SRTP key derivation using conventional ROC estimation if the data packet does includes a transmitter ROC value; performing SRTP key derivation using the transmitter ROC value rather than a receiver ROC value; determining the integrity of the data packet; and
,if the integrity of said data packet is not confirmed, dropping said data packet;
otherwise,if the integrity of said data packet is confirmed; setting said receiver ROC value to the transmitter ROC value contained in said data packet; removing said transmitter ROC value and a message authentication code (MAC) from said data packet; and
,completing SRTP processing on data packet. - View Dependent Claims (8, 9, 10, 11)
-
-
12. A method for cryptographic synchronization of data packets, said method comprising the steps of:
-
receiving a data packet at a transmitter for transmission to a receiver, said data packet including a packet sequence number(s); determining whether a function F(s) of said packet sequence number is equal to a predetermined value, where F(s) is previously agreed to by said transmitter and said receiver; if F(s) is equal to said predetermined value; computing and appending a code to said data packet, wherein said code is a function of an authentication key associated with said data packet and a transmitter roll-over counter (ROC) value, said transmitter ROC value corresponding to a counter in said transmitter that is incremented whenever a sequence number counter in said transmitter rolls over; appending said transmitter ROC value to said data packet; transmitting said data packet to said receiver;
otherwise, if F(s) is not equal to said predetermined value;transmitting said data packet to said receiver without appending said transmitter ROC value; receiving said data packet at said receiver; determining if said transmitter ROC value is appended to said data packet, wherein the presence of a transmitter ROC value is indicated if F(s) is equal to said predetermined value; if the data packet does includes a transmitter ROC value; performing security processing using the transmitter ROC value rather than a receiver ROC value, said security processing comprising the steps of; determining the integrity of the data packet; and
,if the integrity of said data packet is not confirmed, dropping said data packet;
otherwise,if the integrity of said data packet is confirmed; setting said receiver ROC value to the transmitter ROC value; if the data packet does not include a transmitter ROC value; performing security processing using said receiver ROC value or an estimate of said ROC value. - View Dependent Claims (13, 14, 15, 16)
-
Specification