Internet protocol telephony security architecture
First Claim
1. A secure IP telephony system, the system comprising:
- a Cable Telephony Adapter (CTA) coupled to an IP telephony network and comprising a public/private key pair and a public key certificate signed by a certificate authority;
- a Key Distribution Center (KDC) coupled to the IP telephony network and configured to generate a ticket and session key to the CTA in response to a request from the CTA and distribute the session key to the CTA using public key encryption; and
- a signaling controller coupled to the IP telephony network and configured to receive the ticket in a set up request from the CTA and generate and distribute a symmetric sub-key to the CTA in response to the set up request in a reply message, wherein both the call set up request and the reply message are encrypted using the session key, wherein the ticket includes an identity of the CTA, an identity of the signaling controller, and an expiration time.
Abstract
A secure Internet Protocol (IP) telephony system, apparatus, and methods are disclosed. Communications over an IP telephony system can be secured by securing communications to and from a Cable Telephony Adapter (CTA). The system can include one or more CTAs, network servers, servers configured as signaling controllers, key distribution centers (KDC), and can include gateways that couple the IP telephony system to a Public Switched Telephone Network (PSTN). Each CTA can be configured as secure hardware and can be configured with multiple encryption keys that are used to communicate signaling or bearer channel communications. The KDC can be configured to periodically distribute symmetric encryption keys to secure communications between devices that have been provisioned to operate in the system and signaling controllers. The secure devices, such as the CTA, can communicate with other secure devices by establishing signaling and bearer channels that are encrypted with session specific symmetric keys derived from a symmetric key distributed by a signaling controller.
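The ticket check a signaling controller would perform on a set up request, as an added example that is not taken from the patent: it verifies the three fields claim 1 places in the ticket (CTA identity, signaling controller identity, expiration time). Assumptions: the KDC authenticates the ticket with HMAC-SHA256 under a key it shares with the controller, the ticket is JSON, and all names and values are constructed; session key and sub-key distribution are left out.

```python
import hashlib
import hmac
import json
import time

# Assumption: the KDC and the signaling controller share this key and the KDC
# protects tickets with HMAC-SHA256. The page does not specify the mechanism.
SERVICE_KEY = b"constructed-kdc-controller-key"  # constructed value
CONTROLLER_ID = "sc1.example.net"                # constructed identity


def issue_ticket(cta_id, controller_id, lifetime_s, now=None, key=SERVICE_KEY):
    """KDC side: bind CTA identity, controller identity and expiration time."""
    now = time.time() if now is None else now
    body = json.dumps({"cta": cta_id, "sc": controller_id,
                       "exp": int(now + lifetime_s)}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


def validate_ticket(ticket, claimed_cta, now=None, key=SERVICE_KEY):
    """Controller side: return (ok, reason) for a ticket in a set up request."""
    now = time.time() if now is None else now
    body, sep, tag = ticket.rpartition(b".")
    if not sep:
        return False, "malformed"
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return False, "bad-mac"            # forged or altered ticket
    fields = json.loads(body)              # parsed only after the MAC check
    if fields["sc"] != CONTROLLER_ID:
        return False, "wrong-controller"   # issued for a different server
    if fields["cta"] != claimed_cta:
        return False, "wrong-cta"          # presented by a different device
    if now >= fields["exp"]:
        return False, "expired"
    return True, "ok"
```
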
18 Claims
Specification