Systems and methods for securing multimedia transmissions over the internet
Abstract
In one embodiment, the systems and methods utilize an enciphered permit identification number, called a session certificate, to reference the policy attribute values and session key that are stored in a secured, online reference monitor (SRM). The session key is used to encipher confidential communications, such as voice and audio communications over the Internet (VoIP), between computers. Each computer uses a unique key with a cryptographic transaction protocol for authentication and key agreement (PAKE) to communicate securely with the SRM. A sender computer uses PAKE to obtain a session certificate and a session key from the SRM, then sends the session certificate to a receiver computer. The receiver computer sends the session certificate to the SRM and gets back the session key. The sender computer encrypts its VoIP message with the session key and transmits it to the receiver computer; the receiver computer decrypts the VoIP message with the same session key.
20 Claims
1. A method comprising:
receiving a first authenticated request encrypted by a first encryption key for communicating with a second client sent from a first client to a reference monitor;
transmitting a session certificate with a third encryption key from the reference monitor to the first client upon verifying the first encryption key, wherein the session certificate includes an encrypted permit identifier in accordance with a policy table in the reference monitor, wherein the permit identifier corresponds to an entry containing the session key in a table stored within the reference monitor;
encrypting data with the third encryption key at the first client;
transmitting the session certificate and the data from the first client to the second client;
transmitting a second authenticated request encrypted by a second encryption key for communicating with the first client with the session certificate sent from the second client to the reference monitor;
upon verifying the second authenticated request utilizing the second encryption key, decrypting the encrypted permit identifier at the reference monitor based on the session certificate transmitted from the second client to the reference monitor;
transmitting an authenticated response with the third encryption key as an encrypted session key from the reference monitor to the second client; and
decrypting encrypted data sent from the first client to the second client in response to the third encryption key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A system comprising:
a first client configured to communicate through a network and capable of issuing a first authenticated request encrypted by a first encryption key to a reference monitor; and
a second client configured to communicate through the network and capable of issuing a second authenticated request encrypted by a second encryption key requesting communication with the first client to the reference monitor;
wherein the reference monitor, upon verifying the first authenticated request utilizing the first encryption key and verifying the second authenticated request utilizing the second encryption key, is configured to generate a session certificate including an encrypted identifier wherein the encrypted identifier corresponds to a policy state and a third encryption key as a session key that is associated with a particular entry in a policy table that is stored within the reference monitor, wherein the encrypted identifier is utilized by the first and second clients, wherein the first client and the second client are provided with an encrypted communication channel through the network.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19.
20. A method comprising:
receiving a first authenticated request encrypted by a first encryption key for communicating with a second client from a first client at a reference monitor;
creating an entry that contains a session key in a permit table that is stored within the reference monitor when the first authenticated request is adjudicated;
transmitting a first authenticated response with a first session certificate with a third encryption key and the session key from the reference monitor to the first client upon verifying the first encryption key, wherein the first session certificate includes an encrypted permit identifier;
transmitting the first session certificate from the first client to a second client;
transmitting a second authenticated request encrypted by a second encryption key for communicating with the first client along with the first session certificate from the second client to the reference monitor;
upon verifying the second authenticated request utilizing the second encryption key, decrypting the encrypted permit identifier at the reference monitor based on the first session certificate transmitted from the second client to the reference monitor;
retrieving the session key at the reference monitor once the second authenticated request is adjudicated, wherein the session key allows the first client to encrypt messages to the second client and the session key allows the second client to decrypt encrypted messages from the first client;
transmitting a second authenticated response with the session key including the third encryption key from the reference monitor to the second client; and
decrypting the encrypted data sent from the first client to the second client in response to the third encryption key.
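The exchange described in the abstract and in claims 1 and 20, as an added, runnable model that is not part of the patent or any product: a caller authenticates to the reference monitor, receives an enciphered permit identifier (the session certificate) plus a session key, forwards the certificate with session-key-enciphered media to the callee, and the callee redeems the certificate with the monitor for the same key. The cipher is a stdlib encrypt-then-MAC construction on HMAC-SHA256 used only for illustration, the per-client long-term keys stand in for the PAKE-authenticated channel, and the names, JSON fields and sample keys are assumptions. Two checks the claims leave implicit are made explicit: the certificate is bound to the caller and callee recorded in the permit entry, and it is single-use.

```python
"""Toy model of the session-certificate exchange (added illustration).
Stdlib only; seal/unseal is an illustrative encrypt-then-MAC, not the patent's cipher."""
import hashlib
import hmac
import json
import secrets


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a PRF, sufficient for a demonstration.
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Authenticated encryption: nonce || ciphertext || tag."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before using the ciphertext; raise ValueError on tamper or wrong key."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("message authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def authenticated_request(client_key: bytes, **fields) -> bytes:
    """A client request enciphered under that client's own key (assumed wire format)."""
    return seal(client_key, json.dumps(fields).encode())


class ReferenceMonitor:
    """The SRM: per-client keys, a policy table of allowed calls, and a permit table."""

    def __init__(self, client_keys: dict, policy: set):
        self.client_keys = dict(client_keys)        # stands in for the PAKE-authenticated channel
        self.policy = set(policy)                   # allowed (caller, callee) pairs
        self.master_key = secrets.token_bytes(32)   # enciphers permit identifiers into certificates
        self.permits = {}                           # permit_id -> session key and bound parties

    def _authenticate(self, client_id: str, request: bytes):
        key = self.client_keys.get(client_id)
        if key is None:
            raise PermissionError("unknown client")
        return key, json.loads(unseal(key, request))   # ValueError if not under this client's key

    def request_session(self, client_id: str, request: bytes) -> bytes:
        """Adjudicate the caller's request; mint a permit entry and its enciphered certificate."""
        key, req = self._authenticate(client_id, request)
        if (client_id, req["to"]) not in self.policy:
            raise PermissionError(f"policy denies {client_id} -> {req['to']}")
        permit_id = secrets.token_hex(8)
        self.permits[permit_id] = {"session_key": secrets.token_bytes(32),
                                   "caller": client_id, "callee": req["to"], "redeemed": False}
        cert = seal(self.master_key, permit_id.encode())   # readable only by the SRM
        reply = {"cert": cert.hex(), "session_key": self.permits[permit_id]["session_key"].hex()}
        return seal(key, json.dumps(reply).encode())

    def redeem_certificate(self, client_id: str, request: bytes) -> bytes:
        """The callee presents the certificate; the SRM decrypts the permit id and returns the key."""
        key, req = self._authenticate(client_id, request)
        permit_id = unseal(self.master_key, bytes.fromhex(req["cert"])).decode()
        entry = self.permits.get(permit_id)
        # Bind the certificate to the parties the permit was issued for, and make it single-use.
        if (entry is None or entry["callee"] != client_id or entry["caller"] != req["to"]
                or entry["redeemed"]):
            raise PermissionError("certificate is not valid for this client")
        entry["redeemed"] = True
        return seal(key, json.dumps({"session_key": entry["session_key"].hex()}).encode())


def place_call(srm, caller, caller_key, callee, callee_key, media: bytes):
    """Run the whole exchange; returns (certificate hex, plaintext recovered by the callee)."""
    # (1) caller -> SRM: request to talk to callee, authenticated under the caller's key
    reply = json.loads(unseal(caller_key, srm.request_session(
        caller, authenticated_request(caller_key, to=callee))))
    cert, session_key = reply["cert"], bytes.fromhex(reply["session_key"])
    # (2) caller -> callee: the certificate plus media enciphered with the session key
    wire_cert, wire_media = cert, seal(session_key, media)
    # (3) callee -> SRM: request to talk to caller, carrying the certificate
    reply2 = json.loads(unseal(callee_key, srm.redeem_certificate(
        callee, authenticated_request(callee_key, to=caller, cert=wire_cert))))
    # (4) callee deciphers the media with the session key the SRM returned
    return wire_cert, unseal(bytes.fromhex(reply2["session_key"]), wire_media)


# Constructed sample enrollment data; a deployment would provision these through PAKE.
KEYS = {name: secrets.token_bytes(32) for name in ("alice", "bob", "carol")}
POLICY = {("alice", "bob")}

if __name__ == "__main__":
    srm = ReferenceMonitor(KEYS, POLICY)
    _, recovered = place_call(srm, "alice", KEYS["alice"], "bob", KEYS["bob"], b"RTP payload")
    print(recovered)
```

The certificate carries no key material, only an identifier the monitor alone can decipher, so a third party who intercepts it learns nothing and cannot redeem it: the monitor refuses any client other than the callee recorded in the permit entry, refuses a second redemption, and rejects requests whose authentication under the claimed client's key fails.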