Systems and methods for securing multimedia transmissions over the internet

US 8,024,560 B1
Filed: 10/12/2005
Issued: 09/20/2011
Est. Priority Date: 10/12/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

receiving a first authenticated request encrypted by a first encryption key for communicating with a second client sent from a first client to a reference monitor;

transmitting a session certificate with a third encryption key from the reference monitor to the first client upon verifying the first encryption key, wherein the session certificate includes an encrypted permit identifier in accordance with a policy table in the reference monitor, wherein the permit identifier corresponds to an entry containing the session key in a table stored within the reference monitor;

encrypting data with the third encryption key at the first client;

transmitting the session certificate and the data from the first client to the second client;

transmitting a second authenticated request encrypted by a second encryption key for communicating with the first client with the session certificate sent from the second client to the reference monitor;

upon verifying the second authenticated request utilizing the second encryption key, decrypting the encrypted permit identifier at the reference monitor based on the session certificate transmitted from the second client to the reference monitor;

transmitting an authenticated response with the third encryption key as an encrypted session key from the reference monitor to the second client; and

decrypting encrypted data sent from the first client to the second client in response to the third encryption key.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, the systems and methods utilizes an enciphered permit identification number, called a session certificate, to reference the policy attribute values and session key that are stored in a secured, online reference monitor (SRM). The session key is used to encipher confidential communications, such as voice and audio communications over the Internet (VoIP), between computers. Each computer uses a unique key with a cryptographic transaction protocol for authentication and key agreement (PAKE) to securely communicate with the SRM. A sender computer uses PAKE to get a session certificate and a session key from the SRM. It sends the session certificate to a receiver computer. The receiver computer sends the session certificate to the SRM and gets back the session key. The sender computer encrypts its VoIP message with the session key and transmits it to the receiver computer. The receiver computer decrypts the VoIP message.

76 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving a first authenticated request encrypted by a first encryption key for communicating with a second client sent from a first client to a reference monitor;
  
  transmitting a session certificate with a third encryption key from the reference monitor to the first client upon verifying the first encryption key, wherein the session certificate includes an encrypted permit identifier in accordance with a policy table in the reference monitor, wherein the permit identifier corresponds to an entry containing the session key in a table stored within the reference monitor;
  
  encrypting data with the third encryption key at the first client;
  
  transmitting the session certificate and the data from the first client to the second client;
  
  transmitting a second authenticated request encrypted by a second encryption key for communicating with the first client with the session certificate sent from the second client to the reference monitor;
  
  upon verifying the second authenticated request utilizing the second encryption key, decrypting the encrypted permit identifier at the reference monitor based on the session certificate transmitted from the second client to the reference monitor;
  
  transmitting an authenticated response with the third encryption key as an encrypted session key from the reference monitor to the second client; and
  
  decrypting encrypted data sent from the first client to the second client in response to the third encryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1 further comprising transmitting a transaction between the first client and the reference monitor to initiate an encrypted communication between the first client and the second client.
  - 3. The method according to claim 1 wherein the policy table stores a plurality of entries wherein each entry corresponds with a particular policy state and session key.
  - 4. The method according to claim 1 further compromising dynamically modifying the policy state within the policy table while retaining the certificate.
  - 5. The method according to claim 1 wherein the permit identifier is represented by an index number.
  - 6. The method according to claim 1 further comprising preventing the transmission and receiving of encrypted communications between the first client and the second client by indicating an invalid client enrollment status within an enrollment table in the reference monitor.
  - 7. The method of claim 1 further comprising issuing a session key from the reference monitor to the first client and the second client based on the policy state such that the first and second client are capable of transmitting and receiving an encrypted communication.
  - 8. The method according to claim 2 wherein the transaction is a cryptographic protocol for authentication and key agreement.
  - 9. The method of claim 7 further comprising allowing a third client to intercept a certificate transmitted between the first and second clients, under proper authorization issuing the session key from the reference monitor to a third client such that the third client is capable of decrypting the encrypted communications between the first and second clients.

10. A system comprising:
- a first client configured to communicate through a network and capable of issuing a first authenticated request encrypted by a first encryption key to a reference monitor; and
  
  a second client configured to communicate through the network and capable of issuing a second authenticated request encrypted by a second encryption key requesting communication with the first client to the reference monitor;
  
  wherein the reference monitor, upon verifying the first authenticated request utilizing the first encryption key and verifying the second authenticated request utilizing the second encryption key, is configured to generate a session certificate including an encrypted identifier wherein the encrypted identifier corresponds to a policy state and a third encryption key as a session key that is associated with a particular entry in a policy table that is stored within the reference monitor, wherein the encrypted identifier is utilized by the first and second clients, wherein the first client and the second client are provided with an encrypted communication channel through the network.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The system according to claim 10 wherein the network is an Internet.
  - 12. The system according to claim 10 wherein the reference monitor is configured to utilize a cryptographic protocols for authentication and key agreement to provide the encrypted communication channel.
  - 13. The system according to claim 10 wherein the reference monitor is configured to communicate with an application layer gateway.
  - 14. The system according to claim 10 wherein the reference monitor is configured to communicate with a proxy server.
  - 15. The system according to claim 10 wherein the reference monitor is configured to communicate with a user agent.
  - 16. The system according to claim 10 wherein the policy table stores a plurality of entries each entry corresponds with a particular policy state and session key.
  - 17. The system according to claim 10 wherein the policy state is modified through a change within the policy state table while retaining the certificate.
  - 18. The system according to claim 10 wherein the reference monitor is configured to issue a session key to the first client and the second client based on the policy state such that the first and second client are capable of utilizing the encrypted communication channel.
  - 19. The system according to claim 18 wherein the reference monitor is configured to issue the session key to a third client based on a proper authorization such that the third client is capable of decrypting the encrypted communication channel.

20. A method comprising:
- receiving a first authenticated request encrypted by a first encryption key for communicating with a second client from a first client at a reference monitor;
  
  creating an entry that contains a session key in a permit table that is stored within the reference monitor when the first authenticated request is adjudicated;
  
  transmitting a first authenticated response with a first session certificate with a third encryption key and the session key from the reference monitor to the first client upon verifying the first encryption key, wherein the first session certificate includes an encrypted permit identifier;
  
  transmitting the first session certificate from the first client to a second client;
  
  transmitting a second authenticated request encrypted by a second encryption key for communicating with the first client along with the first session certificate from the second client to the reference monitor;
  
  upon verifying the second authenticated request utilizing the second encryption key, decrypting the encrypted permit identifier at the reference monitor based on the first certificate transmitted from the second client to the reference monitor;
  
  retrieving the session key at the reference monitor upon the second authenticated request is adjudicated, wherein the session key allows the first client to encrypt messages to the second client and the session key allows the second client to decrypt encrypted messages from the first client;
  
  transmitting a second authenticated response with the session key including the third encryption key from the reference monitor to the second client;
  
  decrypting the encrypted data sent from the first client to the second client in response to the third encryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alex I. Alten
Original Assignee
Alex I. Alten
Inventors
Alten, Alex I.
Primary Examiner(s)
Srivastava; Vivek
Assistant Examiner(s)
Salehi; Helai

Application Number

US11/248,133
Time in Patent Office

2,169 Days
Field of Search

713/193, 713/170, 713/156, 726/2, 380/243, 380/259, 235/379, 705/70.44, 705/76, 705/79, 705/71, 705/75
US Class Current

713/156
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 9/0844   with user authentication or...

Systems and methods for securing multimedia transmissions over the internet

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

76 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for securing multimedia transmissions over the internet

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

76 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links