Methods of providing an integrated and mutual authentication in a communication network
First Claim
1. A method for providing an integrated and mutual authentication in a communication network, the method comprising:
- at a Session Initiation Protocol (SIP) client;
transmitting a service ticket request to a key distribution center in response to a provision of a user's security credentials to authenticate to the key distribution center;
responsive to the transmitting, receiving a session key encrypted with a Ticket Granting Ticket (TGT) session key shared between a SIP client and a Kerberos authentication server, and receiving a service ticket encrypted with a SIP service key shared between a SIP server and the Kerberos authentication server, wherein the service ticket includes the session key;
decrypting the session key encrypted with the TGT session key shared between the SIP client and the Kerberos authentication server;
transmitting the service ticket to the SIP server;
utilizing the session key for mutual digest authentication with the SIP server, upon the service ticket being decrypted by the SIP server using the SIP service key shared between the SIP server and the Kerberos authentication server, conveying an authorization header, comprising a challenge value, to the SIP server;
in response to conveying the authorization header, receiving a responsive authorization header, comprising a new challenge value, from the SIP server;
storing a portion of the received authorization header; and
pre-emptively sending a new authorization header, based on the stored portion of the received authorization header, to the SIP server without first receiving another new challenge value from the SIP server.
Abstract
A service ticket request is transmitted to a key distribution center in response to providing the security credential. In response to the transmitting, a session key encrypted with a TGT session key shared between a SIP client and a Kerberos authentication server, and a service ticket encrypted with a SIP service key shared between a SIP server and the Kerberos authentication server are received. The service ticket includes the session key. The session key, encrypted with the SIP session key shared between the SIP client and the Kerberos authentication server, is decrypted by the SIP client. The service ticket is transmitted to a SIP server. The SIP server decrypts the service ticket using the SIP service key shared between the SIP server and the Kerberos authentication server and stores the session key. The session key is utilized for mutual digest authentication between the SIP client and the SIP server.
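The exchange in the abstract, together with the final steps of claim 1 (stored challenge, pre-emptive header), sketched as an added example that is not text or code from the patent. Assumptions: the toy encrypt-then-MAC `seal`/`unseal` stands in for real Kerberos encryption types, HMAC-SHA256 stands in for the SIP digest computation, and every name here is hypothetical.

```python
import hashlib, hmac, os

def _mac(key, *parts):
    return hmac.new(key, b":".join(parts), hashlib.sha256).digest()

def _xor(key, nonce, data):
    ks = b"".join(_mac(key, nonce, bytes([i])) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    # Toy encrypt-then-MAC standing in for a Kerberos enctype (assumption).
    nonce = os.urandom(16)
    ct = _xor(_mac(key, b"enc"), nonce, plaintext)
    return nonce + ct + _mac(_mac(key, b"mac"), nonce, ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(_mac(key, b"mac"), nonce, ct)):
        raise ValueError("wrong key or modified ciphertext")
    return _xor(_mac(key, b"enc"), nonce, ct)

def kdc_issue(tgt_session_key, sip_service_key):
    session_key = os.urandom(32)  # same key goes to the client and into the ticket
    return seal(tgt_session_key, session_key), seal(sip_service_key, session_key)

class SipServer:
    def __init__(self, sip_service_key):
        self.service_key, self.session_key, self.nonce = sip_service_key, None, None

    def accept_ticket(self, ticket):
        self.session_key = unseal(self.service_key, ticket)  # decrypt, store the key

    def handle(self, method, cnonce, response=None):
        # Check the client's proof over the challenge issued in the previous reply.
        ok = bool(self.nonce and response) and hmac.compare_digest(
            response, _mac(self.session_key, b"client", self.nonce, method))
        self.nonce = os.urandom(16)  # new single-use challenge value
        return ok, (_mac(self.session_key, b"server", cnonce, method), self.nonce)

def client_request(session_key, server, method, stored_nonce=None):
    # With a stored nonce the client answers pre-emptively, with no extra round trip.
    cnonce = os.urandom(16)
    response = _mac(session_key, b"client", stored_nonce, method) if stored_nonce else None
    ok, (rspauth, next_nonce) = server.handle(method, cnonce, response)
    if not hmac.compare_digest(rspauth, _mac(session_key, b"server", cnonce, method)):
        raise ValueError("server did not prove knowledge of the session key")
    return ok, next_nonce
```

The role labels (`b"client"`, `b"server"`) keep a server proof from being reflected back as a client response, and rotating the challenge on every reply means a stored value is accepted once only.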
20 Claims
14. A method for providing an integrated and mutual authentication in a communication network, the method comprising:
- at a SIP server;
receiving a service ticket from a SIP client, wherein the service ticket is encrypted with a SIP service key shared between the SIP server and a Kerberos authentication server by a key distribution center in response to a security credential received by the key distribution center from the SIP client, and wherein the service ticket includes a session key;
decrypting the service ticket using the SIP service key shared between the SIP server and the Kerberos authentication server;
storing the session key;
utilizing the session key for mutual digest authentication between the SIP client and the SIP server;
receiving an authorization header, comprising a challenge value, from the SIP client;
storing the challenge value;
conveying a responsive authorization header, comprising a new challenge value, to the SIP client; and
receiving a new authorization header, based on a portion of the conveyed authorization header, from the SIP client without first conveying another new challenge value to the SIP client.
Specification