Method and apparatus to provide cryptographic identity assertion for the PSTN
Abstract
The present application provides an authentication scheme that allows a device to provide additional authentication of a Publicly Switched Telephone Network (PSTN) identity assertion made in a PSTN call by also sending an Internet Protocol (IP) communication. The device sends the IP communication generally in parallel with the PSTN call. The IP communication includes a network identity assertion, which optionally may be authenticated using a cryptographically secure technique. The network identity assertion, being more difficult to falsify, provides additional authentication of the PSTN identity assertion.
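The check described in the abstract, combined with the directory lookup recited in claim 6, is sketched below as an added example; it is not code from the patent. The `X-PSTN-Calling-Number` header, the directory contents, the five-second window and the three verdict names are assumptions made for illustration, and signature verification of the SIP Identity header is assumed to be done by the SIP stack and passed in as `signature_ok`.

```python
import re
from dataclasses import dataclass

# Constructed stand-in for the database that correlates phone numbers
# with other identities (claim 6); the entry is made up.
DIRECTORY = {"+14085550100": "sip:alice@example.com"}

# Constructed SIP message; X-PSTN-Calling-Number is a hypothetical
# header carrying the correlation information, not a standard one.
SAMPLE_SIP = """MESSAGE sip:bob@example.net SIP/2.0
From: "Alice" <sip:alice@example.com>;tag=1928
To: <sip:bob@example.net>
X-PSTN-Calling-Number: +1 (408) 555-0100
Identity: <constructed-placeholder-signature>
"""

@dataclass
class SipAssertion:
    identity: str         # URI taken from the From header
    calling_number: str   # PSTN number this message says it accompanies
    verified: bool        # Identity header present and signature checked
    received_at: float    # arrival time, seconds

def normalize(number):
    """Strip punctuation so caller IDs compare as +digits."""
    return "+" + re.sub(r"\D", "", number)

def parse_sip(raw, received_at, signature_ok):
    """Extract the identity-bearing headers; signature_ok comes from the SIP stack."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:   # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    m = re.search(r"<(sips?:[^>;]+)", headers.get("from", ""))
    return SipAssertion(m.group(1).lower() if m else "",
                        normalize(headers.get("x-pstn-calling-number", "")),
                        "identity" in headers and signature_ok, received_at)

def authenticate_call(caller_id, call_time, assertions, window=5.0):
    """Return 'authenticated', 'false' or 'unverified' for a PSTN caller ID."""
    number = normalize(caller_id)
    expected = DIRECTORY.get(number)            # identity the directory maps to
    usable = [a for a in assertions if a.verified and a.calling_number == number
              and abs(a.received_at - call_time) <= window]
    if expected is None or not usable:
        return "unverified"      # nothing trustworthy to compare against
    if any(a.identity == expected for a in usable):
        return "authenticated"   # SIP identity matches the directory entry
    return "false"               # verified SIP identity contradicts the caller ID
```

An unsigned or late SIP message is ignored rather than treated as a contradiction, so a missing parallel assertion leaves the caller ID merely unverified.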
9 Claims
1. An apparatus encoded with instructions that, if executed, result in:
- receiving a first communication over a first call path that traverses a Publicly Switched Telephone Network (PSTN) and that originates from an endpoint, the first communication including a PSTN identity assertion generated by a device operating in the PSTN;
- receiving a second communication over a second different call path originating from the same endpoint, wherein the second different call path extends over a packet switched network and includes a packet switched identity assertion inserted in a session initiation protocol message header by a packet switched network device, wherein the packet switched identity assertion is a session initiation protocol identity; and
- authenticating the PSTN identity assertion using the packet switched identity assertion, wherein the apparatus determines if the PSTN identity assertion is false based on information from the packet switched identity assertion.

Dependent claims: 2, 3, 4, 5
6. An apparatus encoded with instructions that, if executed, result in:
- receiving a first communication over a first call path that traverses a Publicly Switched Telephone Network (PSTN) and that originates from an endpoint, the first communication including a PSTN identity assertion generated by a device operating in the PSTN;
- receiving a second communication over a second different call path originating from the same endpoint, wherein the second different call path extends over a packet switched network and includes a packet switched identity assertion inserted into a session initiation protocol (SIP) message header by a packet switched network device, wherein the packet switched identity assertion is a SIP identity;
- authenticating the PSTN identity assertion using the packet switched identity assertion;
- sending the PSTN identity assertion from the first communication to a database that correlates phone numbers with other identities;
- receiving back a response from the database and extracting an identity therefrom;
- comparing the extracted identity to the packet switched identity assertion from the second communication; and
- initiating a Secure Real Time Protocol (SRTP)-over-PSTN communication exchange with a device associated with the packet switched identity assertion if the PSTN identity assertion is authenticated.
7. A method, comprising:
- receiving an indication that a local device has established a call originating from the local device having a first path that traverses the Publicly Switched Telephone Network (PSTN);
- in response to receiving the indication that the local device has established the call, generating a communication using a packet switched signaling protocol and sending the communication to a called endpoint of the call over a second different path that extends over at least one packet switched network for use by the called endpoint, wherein the second different path circumvents the PSTN;
- wherein the communication contains information for correlating a packet switched identity assertion included in a session initiation protocol (SIP) message header of the packet switched communication with a PSTN identity assertion included in the PSTN call, wherein the packet switched identity assertion is a SIP identity; and
- authenticating the PSTN identity assertion using the packet switched identity assertion, wherein an apparatus determines if the PSTN identity assertion is false based on information from the packet switched identity assertion.

Dependent claims: 8, 9
Specification