Method and system for secure communications with IP telephony appliance
First Claim
Patent Images
1. A method for communicating with a telephony enabled device, wherein the device is also capable of communicating on an Internet protocol based (IP) network, comprising:
- activating the telephony enabled device for communicating on a telephony network and communicating on the IP network;
the telephony enabled device broadcasting on the IP network a request for initial IP network information;
in response to the broadcast, the telephony enabled device first receiving an IP address for the telephony enabled device via the first communication;
in response to the broadcast, the telephony enabled device performing a first set of communications with a network node identified by a first IP address for establishing a first communication therebetween;
the telephony enabled device second receiving update information related to an update of operational information used in operating the telephony enabled device, wherein the update information is received via an encrypted and authenticated communication on the IP network from the network node;
the telephony enabled device third receiving a second IP address from the network node for an IP server;
in response to receiving the second IP address, the telephony enabled device fourth receiving security information for encrypting and authenticating IP communications received by the telephony enabled device from the IP server, wherein the security information is determined via an encrypted and authenticated communication on the IP network;
the telephony enabled device authenticating, with the security information, an IP communication between the IP server and the telephony enabled device, including a substep of authenticating whether an IP communication received on a particular port of the telephony enabled device is from the IP server;
the telephony enabled device decrypting, with the security information, the IP communication between the IP server and the telephony enabled device; and
wherein subsequent processing of each communication C of at least most IP communications on the port is dependent upon a corresponding result for authenticating that the communication C is from the IP server, wherein when said result indicates the communication C is not from the IP server, at least one instruction in the communication C is not processed in a manner that the instruction would be processed if said result indicated C were from the IP server.
24 Assignments
0 Petitions
Accused Products
Abstract
A method and system are disclosed for providing secure communications with a communication appliance such as an IP telephone, wherein such an appliance has a reduced risk to attacks by unauthorized or rogue applications. In particular, “denial of service” and “man-in-the-middle” attacks are prevented. One embodiment establishes authenticated and encrypted communications with a single IP server for transmitting and receiving substantially all IP application communications with third parties.
-
Citations
18 Claims
-
1. A method for communicating with a telephony enabled device, wherein the device is also capable of communicating on an Internet protocol based (IP) network, comprising:
-
activating the telephony enabled device for communicating on a telephony network and communicating on the IP network; the telephony enabled device broadcasting on the IP network a request for initial IP network information; in response to the broadcast, the telephony enabled device first receiving an IP address for the telephony enabled device via the first communication; in response to the broadcast, the telephony enabled device performing a first set of communications with a network node identified by a first IP address for establishing a first communication therebetween; the telephony enabled device second receiving update information related to an update of operational information used in operating the telephony enabled device, wherein the update information is received via an encrypted and authenticated communication on the IP network from the network node; the telephony enabled device third receiving a second IP address from the network node for an IP server; in response to receiving the second IP address, the telephony enabled device fourth receiving security information for encrypting and authenticating IP communications received by the telephony enabled device from the IP server, wherein the security information is determined via an encrypted and authenticated communication on the IP network; the telephony enabled device authenticating, with the security information, an IP communication between the IP server and the telephony enabled device, including a substep of authenticating whether an IP communication received on a particular port of the telephony enabled device is from the IP server; the telephony enabled device decrypting, with the security information, the IP communication between the IP server and the telephony enabled device; and wherein subsequent processing of each communication C of at least most IP communications on the port is dependent upon a corresponding result for authenticating that the communication C is from the IP server, wherein when said result indicates the communication C is not from the IP server, at least one instruction in the communication C is not processed in a manner that the instruction would be processed if said result indicated C were from the IP server. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for providing both telephony and IP network services, including:
-
a network identification server transmitting a network address in response to a request for a network address by a network communication appliance; a configuration server transmitting configuration information in response to a request by the network communication appliance; an appliance connection server communicating with the network communication appliance, wherein for at least most IP communications with the network communication appliance, the IP communications are with the appliance connection server, wherein said appliance connection server is an intermediary server that can perform steps (a) to (e) and selectively perform one of the following; (a) determining whether a licensing criterion is satisfied for an application in communication with the network communication appliance; (b) encrypting information received from an application communicating with the network communication appliance; (c) decrypting information received from the network communication appliance for subsequently transmitting to an application communicating with the network communication appliance; (d) accessing, information about the network communication appliance, including one or more of; (d-1) a telephony extension for the network communication appliance; (d-2) an IP address for the network communication appliance; (d-3) an encryption key for encrypting information transmitted to the network communication appliance; (d-4) an authentication key for authenticating information received from the network communication appliance; and (e) at least one of;
exchanging and negotiating keys for subsequently encrypting and authenticating communications between the network communication appliance and the server. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. A communication appliance for performing the following steps:
-
broadcasting a request for a network address; first receiving a network address in response to the request for a network address by the communication appliance from a network identification server; sending a request for configuration information to a configuration server; second receiving configuration information in response to the request by the communication appliance from the configuration server; communicating with an appliance connection server, wherein the appliance connection server serves as an intermediary network node that can perform steps (a) to (e) and selectively perform one of the following with each application (A) of a plurality of applications that communicate with the appliance connection server via an IP network; (a) determining whether a licensing criterion is satisfied for the application A in communication with the network communication appliance;
(b) encrypting information received from the application A communicating with the network communication appliance;(c) decrypting information received from the network communication appliance for subsequently transmitting to the application A communicating with the network communication appliance; (d) accessing information about the network communication appliance, including one or more of; (d-1) a telephony extension for the network communication appliance; (d-2) an IP address for the network communication appliance; (d-3) an encryption key for encrypting information transmitted to the network communication appliance; (d-4) an authentication key for authenticating information received from the network communication appliance; and (e) at least one of;
exchanging and negotiating keys for subsequently encrypting and authenticating communications between the network communication appliance and the server. - View Dependent Claims (18)
-
Specification