Communication system, method for registering a communication relationship and gateway computer

US 7,787,441 B2
Filed: 01/25/2005
Issued: 08/31/2010
Est. Priority Date: 01/27/2004
Status: Active Grant

First Claim

Patent Images

1. A communication system, comprising:

a plurality of communication elements, comprising;

a gatekeeper residing in a first network,a gateway connected to the gatekeeper, anda communication unit residing in a second network, the communication unit connected to the gateway,a request message is sent from the communication unit to the gatekeeper via the gateway in order to establish a trust relationship between the communication unit and the gateway,wherein the gateway checks the authenticity of the request message from the communication unit,wherein the gateway forwards the request message to the gatekeeper after the request message is verified as authentic,wherein the gatekeeper checks that the communication unit is authorized at the gatekeeper in response to receiving the forwarded request message, andwherein when the communication unit is authorized;

the gatekeeper sends a first response message to the gateway indicating a positive authorization, andthe gateway receives the first response message and sends a second response message to the communication unit in response to receiving the first response message, the second response message indicating a positive authorization,wherein the trust relationship is established between the communication unit and the gateway as a result of the request message being verified as authentic and of the communication unit being verified as authorized, andwherein the first communication network and the second communication network are different networks.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication system is proposed which, as its communication elements (KE) has a gatekeeper (GK), a gateway (GW) coupled to the gatekeeper (GK) and at least one communication unit (KEH) coupled to the gateway (GW), with the communication system being set up so that, to register a communication relationship of the communication unit (KEH) in the communication system (KS), a request message (ANF) is transmitted from the communication unit (KEH) via the gateway (GW) to the gatekeeper (GK), which is checked in the gateway (GW) for authenticity and in the gatekeeper (GK) for authorization.

14 Citations

View as Search Results

18 Claims

1. A communication system, comprising:
- a plurality of communication elements, comprising;
  
  a gatekeeper residing in a first network,a gateway connected to the gatekeeper, anda communication unit residing in a second network, the communication unit connected to the gateway,a request message is sent from the communication unit to the gatekeeper via the gateway in order to establish a trust relationship between the communication unit and the gateway,wherein the gateway checks the authenticity of the request message from the communication unit,wherein the gateway forwards the request message to the gatekeeper after the request message is verified as authentic,wherein the gatekeeper checks that the communication unit is authorized at the gatekeeper in response to receiving the forwarded request message, andwherein when the communication unit is authorized;
  
  the gatekeeper sends a first response message to the gateway indicating a positive authorization, andthe gateway receives the first response message and sends a second response message to the communication unit in response to receiving the first response message, the second response message indicating a positive authorization,wherein the trust relationship is established between the communication unit and the gateway as a result of the request message being verified as authentic and of the communication unit being verified as authorized, andwherein the first communication network and the second communication network are different networks.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The communication system in accordance with claim 1, wherein a subsequent message is sent from the communication unit to the gatekeeper after the message being verified as authentic and after the positive authorization, the subsequent message sent using a simple cryptographic method.
  - 3. The communication system in accordance with claim 1,wherein the plurality of communication elements further comprises a further communication unit residing in a third network, the further communication unit connected to the communication unit, the communication unit is a further gateway which is connected with a further communication unit orwherein the communication unit is a computer.
  - 4. The communication system in accordance with claim 3, wherein a trust relationship exists between each of the plurality of communication elements that are connected.
  - 5. The communication system in accordance with claim 4, wherein each trust relationship exists after an authentication and authorization and each trust relationship is represented by a password or a secret formed by the Diffie-Hellman method.
  - 6. The communication system in accordance with claim 3, wherein when a trust relationship does not yet exist between two of the plurality of communication elements that are connected, a message is transmitted using a digital certificate between the two of the plurality of communication elements that are connected.
  - 7. The communication system in accordance with claim 6, wherein each of the plurality of communication elements has a personal certificate and a private key.
  - 8. The communication system in accordance with claim 7, wherein each of the plurality of communication elements has a root certificate with which the personal certificate of the connected communication element is signed.
  - 9. The communication system in accordance with claim 3, wherein each of the plurality of communication elements only knows the address of the communication element connected to it.
  - 10. The communication system in accordance with claim 1, wherein a trust relationship exists:
    - between each two connected communication elements from the plurality of communication elements, andafter an authentication and authorization.

11. A method for registering a communication relation in a communication system having a plurality of communication elements, the plurality of communication elements including a gatekeeper in a first communication network, a gateway connected a second communication network to the gatekeeper, and a communication unit connected to the gateway, the method comprising:
- transmitting a request message from the communication unit to the gatekeeper via the gateway in order to establish a trust relationship between the communication unit and the gateway;
  
  performing an authentication of the request message by the gateway;
  
  forwarding the request message to the gatekeeper when the outcome of the authentication is positive;
  
  checking authorization of the communication unit by the gatekeeper in response to gatekeeper receiving the forwarded message;
  
  transmitting a response message to the communication unit sending the request message; and
  
  establishing a trust relationship between the communication unit and the gateway after a positive authentication of the request message at the gatekeeper and a positive authorization of the communication unit at the gateway;
  
  sending a subsequent message after the establishing the trust relationship between the communication unit and the gateway, the subsequent message sent from the communication unit to the gatekeeper using a simple cryptographic method,wherein the first communication network and the second communication network are different networks.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method according to claim 11, wherein the trust relationship established between the gateway and the gatekeeper includes sending an earlier request message from the gateway to the gatekeeper, authenticating the earlier request message by the gatekeeper and authorizing the gateway by the gatekeeper, wherein a trust relationship between the gateway and the gatekeeper is established after a positive authentication of the earlier request message and a positive authorization of the gateway.
  - 13. The method according to claim 11,wherein when a trust relationship does not exist between two of the communication elements that are connected, data is transmitted between the respective elements using a certificate, andwherein when a trust relationship exists between two of the communication elements that are connected, data is transmitted between the respective elements using a secret or a password.
  - 14. The method according to claim 11,wherein the plurality of communication elements include a plurality of gateways connected serially between the communication unit and the gatekeeper, andwherein the authentication of the request message is in the gateway connected to the communication unit and authorization of the communication unit is in the gatekeeper.
  - 15. The method according to claim 14, wherein a trust relationship is established between each of the connected elements, beginning with the gateway connected to the gatekeeper.
  - 16. The method according to claim 11,wherein the gateway modifies the request message by:
    - using a Network Address Translation to convert an IP address,modifying a checksum in the request message using the converted IP address, andwherein the modified request message is forwarded.
  - 17. The method according to claim 11, wherein the request message sent by the communication element includes the gateway as a destination of the message,wherein the gateway modifies the request message prior to the forwarding of the modified message, andwherein the modified message includes the gatekeeper as the destination of the message.

18. A method for registering a communication relation in a communication system having a plurality of communication elements, the plurality of communication elements including a gatekeeper in a first network, a gateway connected to the gatekeeper in a second network, and a communication unit connected to the gateway, the method comprising:
- transmitting a request message from the communication unit to the gatekeeper via the gateway in order to establish a trust relationship between the communication unit and the gateway;
  
  performing an authentication of the request message by the gateway;
  
  forwarding the request message to the gatekeeper when the outcome of the authentication is positive;
  
  checking authorization of the communication unit by the gatekeeper in response to gatekeeper receiving the forwarded message;
  
  transmitting a response message to the communication unit sending the request message; and
  
  establishing a trust relationship between the communication unit and the gateway after a positive authentication of the request message at the gatekeeper and a positive authorization of the communication unit at the gateway,wherein the first communication network and the second communication network are different networks.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Siemens AG
Original Assignee
Siemens AG
Inventors
Fries, Steffen, Bohm, Markus, Klasen, Wolfgang, Buβer, Jens-Uwe
Primary Examiner(s)
Sheikh, Ayaz R
Assistant Examiner(s)
Wong, Blanche

Application Number

US11/042,871
Publication Number

US 20050169251A1
Time in Patent Office

2,044 Days
Field of Search

None
US Class Current

370/352
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/10   for controlling access to d...

H04L 65/1069   Session establishment or de...

H04L 65/1101   Session protocols

H04L 65/1106   Call signalling protocols; ...

H04M 3/38   Graded-service arrangements...

H04M 7/006   Networks other than PSTN/IS...

H04M 7/0078   Security; Fraud detection; ...

Communication system, method for registering a communication relationship and gateway computer

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Communication system, method for registering a communication relationship and gateway computer

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links