Apparatus, method, system and program for secure communication

US 8,924,722 B2
Filed: 04/07/2008
Issued: 12/30/2014
Est. Priority Date: 04/07/2008
Status: Active Grant

First Claim

Patent Images

1. A method for secure communication which comprises:

sending an invite message over a secure signalling path to a recipient, the invite message including a key derivation value to be used as input to a key derivation function for deriving at least one key for protecting information for secure communication, or including no key derivation value, the invite message further comprising an indication indicating how the value or the absence of the value is to be used for deriving a master key upon which at least one key for encryption of media traffic encryption is based wherein at least one of a sender endpoint and the recipient select at least one of the indication and a replacement indication to replace the indication from a plurality of modes for deriving one or more keys according to the indication.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments provide an apparatus, method, product and storage medium for secure communication, wherein a message is sent over a secure signalling path to a recipient, the message including a value indicating a key for encrypting or decrypting information for secure communication, or a key derivation value for deriving a key. The message further includes an indication indicating the type of usage of the value. The receiver of the message may return a message which also includes a key or key derivation value and an indication indicating the type of key or type of usage of the value.

12 Citations

View as Search Results

24 Claims

1. A method for secure communication which comprises:
- sending an invite message over a secure signalling path to a recipient, the invite message including a key derivation value to be used as input to a key derivation function for deriving at least one key for protecting information for secure communication, or including no key derivation value, the invite message further comprising an indication indicating how the value or the absence of the value is to be used for deriving a master key upon which at least one key for encryption of media traffic encryption is based wherein at least one of a sender endpoint and the recipient select at least one of the indication and a replacement indication to replace the indication from a plurality of modes for deriving one or more keys according to the indication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method in accordance with claim 1, wherein the indication indicates at least one of:
    - the value is to be used as key for protecting media traffic to be sent by the sender of the invite message,the value is to be used as key for protecting media traffic to be received by the sender of the invite message,the value is to be used as input to a key derivation function to derive a key for protecting media traffic to be sent by the sender of the invite message or to be received by the sender of the invite message,the value is to be used as input to a key derivation function to derive keys for protecting media in sending and receiving directions,no value is provided.
  - 3. The method in accordance with claim 2, wherein a sender of the invite message receives a return message comprising:
    - a return message value indicating a return message key for protecting information for secure communication, or a return message key derivation value for deriving at least one key for protecting information for secure communication, anda return message indication indicating the type of usage of the return message value comprised in the return message.
  - 4. The method in accordance with claim 2, wherein a sender of the invite message receives a return message comprising:
    - a return message value indicating a key for protecting information for secure communication, or a return message key derivation value for deriving at least one key for protecting information for secure communication, anda return message value indication indicating the type of usage of the return message value comprised in the return message.
  - 5. The method in accordance with claim 4, wherein the return message indication comprised in the return message indicates at least one of:
    - the return message value is to be used as master key for protecting media traffic to be sent by the sender of the return message,the return message value is to be used as master key for protecting media traffic to be received by the sender of the return message,the return message value is to be used as input to a key derivation function to derive a master key for protecting media traffic to be sent by the sender of the return message or to be received by the sender of the return message,the return message value is to be used as input to a key derivation function to derive master keys for protecting media in sending and receiving directions,no value is provided.
  - 6. The method in accordance with claim 1, whereina first message which is an invite message is sent which comprises an indication indicating that the value is to be used as an input to a key derivation function to derive a key, and a second message which is a return message, is received, the return message comprising a return message indication indicating that a return message value transmitted in the return message is to be used as an additional input to the key derivation function, whereby the key derivation function is used to derive two different keys to protect traffic in both directions;
    - ora first message which is an invite message is sent which comprises an indication indicating that the value transmitted in this message is to be used as an input to a key derivation function to derive a key, and a second message which is a return message is received which comprises the return message indication indicating that the return message value transmitted in the second, return message is to be used on the one hand as an additional input to the key derivation function to derive a key to protect traffic sent to the sender of the second, return message, and on the other hand as a key to protect traffic sent by the sender of the return message;
      
      ora first message which is an invite message is sent which comprises an indication indicating that no value is transmitted in this message, and a second, return message is received which comprises the return message indication indicating that the return message value transmitted in the return message is to be used as an input to a key derivation function to derive two different keys to protect traffic in both directions;
      
      ora first message which is an invite message is sent which comprises an indication indicating that the value transmitted in this message is to be used as an input to a key derivation function to derive keys to protect traffic in both directions, and a second, return message is received which comprises the return message indication indicating that the return message value transmitted in the second, return message is to be used as a key to protect traffic sent by the sender of the second, return message, wherein this key replaces the previously derived key for this direction;
      
      ora first message which is an invite message is sent which comprises an indication indicating that the value transmitted in the first message is to be used as a key to protect traffic to be sent to the sender of the first message, and a second message which is a return message is received which comprises the return message indication indicating that the return message value transmitted in the second, return message is to be used as an input to a key derivation function to derive keys to protect traffic in both directions, wherein one of these keys replaces the key transmitted in the first message.
  - 7. The method in accordance with claim 1, wherein at least one of early media, forking, retargeting, and multicast is supported in the secure communication.
  - 8. The method in accordance with claim 1, wherein the method is implemented in an Internet protocol based multimedia environment using a session initiation protocol.
  - 9. The method in accordance with claim 1, wherein a key for receiving early media provided in a signaling message or derived from a value provided in a signaling message is overwritten later by another key provided in an answering signaling message or derived from a value provided in an answering signaling message.
  - 10. The method in accordance with claim 1, wherein session description protocol security descriptions are used without change of protocol syntax.
  - 11. The method in accordance with claim 1, wherein:
    - the indication indicates that either the value or lack of value is to be used in protecting media traffic in sending or receiving or both directions as key or as input to a key derivation function to derive a key;
      
      the sender of the invite message receives a return message comprising;
      
      a return value or lack of return value indicating a return key for protecting media traffic or a return key derivation value for deriving at least one key for protecting media traffic, anda return indication indicating the type of usage of the return value; and
      
      the return indication indicates that either the return value or lack of return value is to be used in protecting media traffic in sending or receiving or both directions as key or as input to a key derivation function to derive a key; and
      
      the method further comprises;
      
      determining a plurality of keys from a plurality of values, indications, return values, and return indications;
      
      encrypting media traffic transmitted using one of the plurality of keys; and
      
      decrypting media traffic received using another of the plurality of keys.

12. A method for secure communication, comprising receiving an invite message over a secure signalling path from a sender, the invite message including a key derivation value to be used as input to a key derivation function for deriving at least one key for protecting information for secure communication, or including no key derivation value, the invite message further comprising an indication indicating how the value or the absence of the value is to be used for deriving a master key upon which at least one key for encryption of media traffic encryption is based wherein at least one of the sender and a recipient endpoint select at least one of the indication and a replacement indication to replace the indication from a plurality of modes for deriving one or more keys according to the indication.

13. An apparatus for secure communication, comprising:
- at least one processor; and
  
  at least one memory including computer program code,the at least one memory and the computer program code being configured, with the at least one processor, to cause the apparatus to perform at least the following;
  
  to send a an invite message over a secure signalling path to a recipient, the invite message including a key derivation value to be used as input to a key derivation function for deriving at least one key for protecting information for secure communication, or including no key derivation value, the invite message further comprising an indication how the value or absence of value is to be used for deriving a master key upon which at least one key for encryption of media traffic encryption is based wherein at least one of the apparatus and the recipient select at least one of the indication and a replacement indication to replace the indication from a plurality of modes for deriving one or more keys according to the indication.
- View Dependent Claims (14, 15)
- - 14. The apparatus in accordance with claim 13, wherein a sender of the message is configured to receive a return message comprising a return message value indicating a return message key for protecting information for secure communication, or a return message key derivation value for deriving at least one key for protecting information for secure communication, the return message further comprising a return message indication indicating the type of usage of the return message value comprised in the return message.
  - 15. The apparatus in accordance with claim 14, wherein the return message indication comprised in the return message indicates at least one of:
    - the return message value is to be used as master key for protecting media traffic to be sent by the sender of the return message, the return message value is to be used as master key for protecting media traffic to be received by the sender of the return message, the return message value is to be used as input to a key derivation function to derive a master key for protecting media traffic to be sent by the sender of the return message or to be received by the sender of the return message, the return message value is to be used as input to a key derivation function to derive master keys for protecting media in sending and receiving directions, no value is provided.

16. An apparatus for secure communication, comprisingat least one processor;
- andat least one memory including computer program code,the at least one memory and the computer program code being configured, with the at least one processor, to cause the apparatus to perform at least the following;
  
  to receive an invite message over a secure signalling path from a sender, the invite message including a key derivation value to be used as input to a key derivation function for deriving at least one key for protecting information for secure communication, or including no key derivation value, the invite message further comprising an indication how the value or the absence of the value is to be used for deriving a master key upon which at least one key for encryption of media traffic encryption is based wherein at least one of the sender and the apparatus select at least one of the indication and a replacement indication to replace the indication from a plurality of modes for deriving one or more keys according to the indication.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The apparatus in accordance with claim 16, wherein the indication indicates at least one of:
    - the value is to be used as master key for protecting media traffic to be sent by the sender of the message,the value is to be used as master key for protecting media traffic to be received by the sender of the message,the value is to be used as input to a key derivation function to derive a master key for protecting media traffic to be sent by the sender of the message or to be received by the sender of the message,the value is to be used as input to a key derivation function to derive master keys for protecting media in sending and receiving directions, no value is provided.
  - 18. The apparatus in accordance with claim 16, wherein a receiver of the message is configured to return a return message comprising a return message value indicating a return message key for protecting information for secure communication, or a return message key derivation value for deriving at least one key for protecting information for secure communication, the return message further comprising a return message indication indicating the type of usage of the return message value comprised in the return message.
  - 19. The apparatus in accordance with claim 16, wherein the at least one memory and the computer program code are further configured, with the at least one processor, to cause the apparatus to perform at least the following:
    - to receive a first message which is an invite message which comprises an indication indicating that the value is to be used as an input to a key derivation function to derive a key, andto send a second message which is a return message, the return message comprising a return message indication indicating that a return message value transmitted in the return message is to be used as an additional input to the key derivation function, whereby the key derivation function is used to derive two different keys to protect traffic in both directions;
      
      orto receive a first message which is an invite message which comprises an indication indicating that the value transmitted in this message is to be used as an input to a key derivation function to derive a key, andto send a second message which is a return message which comprises a return message indication indicating that a return message value transmitted in the return message is to be used on the one hand as an additional input to the key derivation function to derive a key to protect traffic received by the sender of the return message, and on the other hand as a key to protect traffic received from the sender of the return message;
      
      orto receive a first message which is an invite message which comprises an indication indicating that no value is transmitted in this message, andto send a second, return message which comprises a return message indication indicating that a return message value transmitted in the return message is to be used as an input to a key derivation function to derive two different keys to protect traffic in both directions;
      
      orto receive a first message which is an invite message which comprises an indication indicating that the value transmitted in this message is to be used as an input to a key derivation function to derive keys to protect traffic in both directions, andto send a second, return message which comprises a return message indication indicating that a return message value transmitted in the second, return message is to be used as a key to protect traffic sent by the sender of the second, return message, wherein this key is configured to replace the previously derived key for this direction;
      
      orto receive a first message which is an invite message which comprises an indication indicating that the value transmitted in the first message is to be used as a key to protect traffic to be sent to the sender of the first message, andto send a second message which is a return message which comprises a return message indication indicating that a second return value transmitted in the second, return message is to be used as an input to a key derivation function to derive keys to protect traffic in both directions, wherein one of these keys is configured to replace the key transmitted in the first message.
  - 20. The apparatus in accordance with claim 16, wherein the apparatus is configured to support at least one of early media, forking, retargeting, and multicast in the secure communication.
  - 21. The apparatus in accordance with claim 16, wherein the apparatus is configured to be used in an Internet protocol based multimedia environment using a session initiation protocol.
  - 22. The apparatus in accordance with claim 16, wherein the apparatus is configured to overwrite a key for receiving early media provided in a signaling message or derived from a value provided in a signaling message, by another key provided in an answering signaling message or derived from a value provided in an answering signaling message.
  - 23. The apparatus in accordance with claim 16, wherein the apparatus is at least one of a terminal, mobile station, user equipment, module, and chipset.

24. Computer program product comprising a non-transitory computer-readable storage medium bearing computer program code embodied therein for use with a computer, that, when executed by a computer, performs:
- sending an invite message over a secure signalling path to a recipient, the invite message including a key derivation value to be used as input to a key derivation function for deriving at least one key for protecting information for secure communication, or including no key derivation value, the invite message further comprising an indication indicating how the value or the absence of the value is to be used for protecting the information for deriving a master key upon which at least one key for encryption of media traffic encryption is based wherein at least one of a sending endpoint and the recipient select at least one of the indication and a replacement indication to replace the indication from a plurality of modes for deriving one or more keys according to the indication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
HMD Global Oy
Original Assignee
Nokia Solutions and Networks US LLC (Nokia Corporation)
Inventors
Horn, Guenther, Schneider, Peter
Primary Examiner(s)
Whipple, Brian P

Application Number

US12/865,162
Publication Number

US 20110004757A1
Time in Patent Office

2,458 Days
Field of Search

713/168
US Class Current

713/168
CPC Class Codes

H04L 63/062 for key distribution, e.g. ...

Apparatus, method, system and program for secure communication

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

24 Claims

Specification

Use Cases

Quick Links

Others

Apparatus, method, system and program for secure communication

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

24 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others