CA2371811A1 - Method and apparatus for enhanced security in a broadband telephony network - Google Patents
- Publication number
- CA2371811A1
- Authority
- CA
- Canada
- Prior art keywords
- provisioning server
- encrypted
- key
- user
- telephony interface
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
          - H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
            - H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
        - H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
          - H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
        - H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
          - H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
      - H04L12/00—Data switching networks
        - H04L12/64—Hybrid switching systems
          - H04L12/6418—Hybrid transport
            - H04L2012/6472—Internet
            - H04L2012/6475—N-ISDN, Public Switched Telephone Network [PSTN]
            - H04L2012/6478—Digital subscriber line, e.g. DSL, ADSL, HDSL, XDSL, VDSL
            - H04L2012/6481—Speech, voice
    - H04M—TELEPHONIC COMMUNICATION
      - H04M7/00—Arrangements for interconnection between switching centres
        - H04M7/006—Networks other than PSTN/ISDN providing telephone service, e.g. Voice over Internet Protocol (VoIP), including next generation networks with a packet-switched transport layer
        - H04M7/12—Arrangements for interconnection between switching centres for working between exchanges having different types of switching equipment, e.g. power-driven and step by step or decimal and non-decimal
      - H04M2203/00—Aspects of automatic or semi-automatic exchanges
        - H04M2203/60—Aspects of automatic or semi-automatic exchanges related to security aspects in telephonic communication systems
          - H04M2203/609—Secret communication
      - H04M2207/00—Type of exchange or network, i.e. telephonic medium, in which the telephonic communication takes place
        - H04M2207/20—Type of exchange or network, i.e. telephonic medium, in which the telephonic communication takes place hybrid systems
      - H04M3/00—Automatic or semi-automatic exchanges
        - H04M3/20—Automatic or semi-automatic exchanges with means for interrupting existing connections; with means for breaking-in on conversations
          - H04M3/205—Eavesdropping prevention - indication of insecurity of line or network
Abstract
The broadband telephony interface is provisioned by receiving information authenticating a provisioning server, establishing a communication channel between the user and the provisioning server over which authorization information is transmitted from the user to the provisioning server, and encrypting and transmitting a cryptographic key associated with the user to the provisioning server. The cryptographic key can be a symmetric key or a public key corresponding to a private key stored in the broadband telephony interface. The cryptographic key can be utilized to generate other keys which are utilized to secure communication channels for the telephony service. The broadband telephony interface advantageously can be implemented as untrusted hardware or software that is installed by a customer.
Description
INTERNATIONAL SEARCH REPORT, International Application No. PCT/US
C. (Continuation) DOCUMENTS CONSIDERED TO BE RELEVANT
Category | Citation of document, with indication, where appropriate, of the relevant passages | Relevant to claim No. |
---|---|---|
A | FR 2 709 903 A (THOMSON CSF), 17 March 1995 (1995-03-17): claims 1, 4; page 7, line 28 - page 9, line 23; page 10, line 26 - page 11, line 25; page 13, lines 21-35 | 1-33 |
A | CLAASSEN G J ET AL: "SECURE COMMUNICATION PROCEDURE FOR ISDN", Proceedings Southern African Conference on Communications and Signal Processing, US, IEEE, New York, NY, 24 June 1988 (1988-06-24), pages 165-170: page 167, left-hand column, line 23 - page 168, left-hand column, line 19; page 169, left-hand column, line 19 - page 170, left-hand column, line 32 | 1-33 |
Form PCT/ISA/210 (continuation of second sheet) (July 1992)
CA 02371811 2001-08-27, page 2 of 2
INTERNATIONAL SEARCH REPORT, Form PCT/ISA/210 (patent family annex) (July 1992)
Claims (33)
1. A method of provisioning a user's broadband telephony interface comprising the steps of:
receiving information authenticating a provisioning server;
establishing a communication channel between the user and the provisioning server over which is transmitted authorization information from the user to the provisioning server; and
encrypting and transmitting a cryptographic key associated with the user to the provisioning server.
2. The method of claim 1 wherein the communication channel is a voice channel connection.
3. The method of claim 2 wherein the communication channel is encrypted using an audio channel key which is encrypted and transmitted to the provisioning server prior to establishing the communication channel.
4. The method of claim 3 wherein the cryptographic key associated with the user is encrypted using a session key which is encrypted and transmitted to the provisioning server prior to establishing the communication channel.
5. The method of claim 4 wherein the session key and the audio channel key are encrypted using a cryptographic key that is encrypted using a cryptographic key associated with the provisioning server and transmitted to the provisioning server with the encrypted session and audio channel key.
6. The method of claim 5 wherein the cryptographic key associated with the provisioning server is received with the information authenticating the provisioning server.
7. The method of claim 6 wherein a random nonce is included with the encrypted session key.
8. The method of claim 1 wherein the information authenticating the provisioning server is a digital certificate.
9. The method of claim 1 wherein the cryptographic key associated with the user is a symmetric key.
10. The method of claim 1 wherein the cryptographic key associated with the user is a public key corresponding to a private key stored in the broadband telephony interface.
11. The method of claim 1 wherein a hash is included with each transmission.
12. A broadband telephony interface comprising:
a first interface to a user telephone;
a second interface to a communication network with access to a provisioning server;
memory for storing cryptographic keys;
a processor connected to the memory and the first and second interfaces for executing program instructions, the program instructions causing the processor to perform the steps of:
receiving information authenticating the provisioning server;
establishing a communication channel between the user telephone and the provisioning server over which is transmitted authorization information from the user to the provisioning server; and
encrypting and transmitting a cryptographic key associated with the user to the provisioning server.
13. The broadband telephony interface of claim 12 wherein the communication channel is a voice channel connection.
14. The broadband telephony interface of claim 13 wherein the communication channel is encrypted using an audio channel key which is encrypted and transmitted to the provisioning server prior to establishing the communication channel.
15. The broadband telephony interface of claim 14 wherein the cryptographic key associated with the user is encrypted using a session key which is encrypted and transmitted to the provisioning server prior to establishing the communication channel.
16. The broadband telephony interface of claim 15 wherein the session key and the audio channel key are encrypted using a cryptographic key that is encrypted using a cryptographic key associated with the provisioning server and transmitted to the provisioning server with the encrypted session and audio channel key.
17. The broadband telephony interface of claim 16 wherein the cryptographic key associated with the provisioning server is received with the information authenticating the provisioning server.
18. The broadband telephony interface of claim 17 wherein a random nonce is included with the encrypted session key.
19. The broadband telephony interface of claim 12 wherein the information authenticating the provisioning server is a digital certificate.
20. The broadband telephony interface of claim 12 wherein the cryptographic key associated with the user is a symmetric key.
21. The broadband telephony interface of claim 12 wherein the cryptographic key associated with the user is a public key corresponding to a private key stored in the broadband telephony interface.
22. The broadband telephony interface of claim 12 wherein a hash is included with each transmission.
23. A method of operating a provisioning server comprising the steps of:
receiving a request to be provisioned from a broadband telephony interface;
transmitting authentication information to the broadband telephony interface;
receiving authorization information over a communication channel established between a user of the broadband telephony interface and the provisioning server; and
receiving an encrypted cryptographic key associated with the user from the broadband telephony interface.
24. The method of claim 23 wherein the communication channel is a voice channel connection.
25. The method of claim 24 wherein the communication channel is encrypted using an audio channel key which is received from the broadband telephony interface prior to establishing the communication channel.
26. The method of claim 25 wherein the cryptographic key associated with the user is encrypted using a session key which is received from the broadband telephony interface prior to establishing the communication channel.
27. The method of claim 26 wherein a cryptographic key associated with the provisioning server is transmitted to the broadband telephony interface and the session key and the audio channel key are received encrypted using the cryptographic key associated with the provisioning server.
28. The method of claim 27 wherein the cryptographic key associated with the provisioning server is transmitted with the authentication information to the broadband telephony interface.
29. The method of claim 28 wherein a random nonce is included with the encrypted session key and audio channel key.
30. The method of claim 23 wherein the authentication information is a digital certificate.
31. The method of claim 23 wherein the cryptographic key associated with the user is a symmetric key.
32. The method of claim 23 wherein the cryptographic key associated with the user is a public key corresponding to a private key stored in the broadband telephony interface.
33. The method of claim 23 wherein a hash is included with each transmission.
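The key hierarchy the claims describe, carried through in Go as an added example written for this page (it is not code from the patent or any product): the BTI side of claims 3-7 and 9-11 and the server side of claims 26-29. It assumes things the claims leave open: the server's certificate is reduced to a raw RSA public key, RSA-OAEP wraps the key-encryption key, AES-256-GCM is the symmetric cipher, and the voice-channel authorization step itself is not modelled.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"slices"
)

// Transmission is one BTI -> server message: random nonce (claim 7), ciphertext,
// RSA-encrypted key-encryption key when one is sent (claim 5), hash (claim 11).
type Transmission struct {
	EncKEK, Nonce, Ciphertext []byte
	Hash                      [32]byte
}

// newServerKey stands in for the server's certificate and key pair (claims 6, 8).
func newServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Fields are fixed-length, so hashing their plain concatenation is unambiguous.
func digest(t Transmission) [32]byte {
	return sha256.Sum256(slices.Concat(t.EncKEK, t.Nonce, t.Ciphertext))
}

func gcm(key []byte) cipher.AEAD { // AES-256-GCM stands in for the unspecified cipher
	block, _ := aes.NewCipher(key)  // cannot fail: every key here is 32 bytes
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return aead
}

// seal is the BTI transmitter: encrypt under key with a fresh nonce, attach hash.
func seal(encKEK, key, plaintext []byte) Transmission {
	t := Transmission{EncKEK: encKEK, Nonce: make([]byte, 12)}
	rand.Read(t.Nonce) // crypto/rand.Read never returns an error (Go 1.24+)
	t.Ciphertext = gcm(key).Seal(nil, t.Nonce, plaintext, nil)
	t.Hash = digest(t)
	return t
}

// btiProvision (claims 3-7, after the server certificate is verified): fresh session
// and audio channel keys wrapped under a KEK that is RSA-OAEP encrypted to the server.
func btiProvision(pub *rsa.PublicKey) ([]byte, []byte, Transmission, error) {
	keys := make([]byte, 96) // KEK || session key || audio channel key
	rand.Read(keys)
	encKEK, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, keys[:32], nil)
	if err != nil {
		return nil, nil, Transmission{}, err
	}
	return keys[32:64:64], keys[64:], seal(encKEK, keys[:32], keys[32:]), nil
}

// After voice-channel authorization, the user's key (claims 9-10) goes under the session key (claim 4).
func btiSendUserKey(session, userKey []byte) Transmission { return seal(nil, session, userKey) }

// serverOpen (claims 26-29): check the hash, unwrap the KEK with the server's private
// key when the message carries one (plaintext is then session||audio), then decrypt.
func serverOpen(priv *rsa.PrivateKey, key []byte, t Transmission) ([]byte, error) {
	if digest(t) != t.Hash {
		return nil, errors.New("transmission hash mismatch")
	}
	if t.EncKEK != nil {
		var err error
		if key, err = rsa.DecryptOAEP(sha256.New(), nil, priv, t.EncKEK, nil); err != nil {
			return nil, err
		}
	}
	return gcm(key).Open(nil, t.Nonce, t.Ciphertext, nil) // GCM tag also authenticates
}
```

The plain hash of claim 11 only detects corruption, since anyone who can alter a message can recompute it; authenticity here comes from the GCM tag and from the KEK being decryptable only with the server's private key.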
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12248199P | 1999-03-01 | 1999-03-01 | |
US60/122,481 | 1999-03-01 | | |
US12947699P | 1999-04-15 | 1999-04-15 | |
US60/129,476 | 1999-04-15 | | |
PCT/US2000/005520 WO2000052905A2 (en) | 1999-03-01 | 2000-03-01 | Method and apparatus for enhanced security in a broadband telephony network |
Publications (1)
Publication Number | Publication Date |
---|---|
CA2371811A1 true CA2371811A1 (en) | 2000-09-08 |
Family
ID=26820561
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA002371811A Abandoned CA2371811A1 (en) | 1999-03-01 | 2000-03-01 | Method and apparatus for enhanced security in a broadband telephony network |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP1157521A2 (en) |
BR (1) | BR0008457A (en) |
CA (1) | CA2371811A1 (en) |
WO (1) | WO2000052905A2 (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7444407B2 (en) | 2000-06-29 | 2008-10-28 | Transnexus, Inc. | Intelligent end user devices for clearinghouse services in an internet telephony system |
US7203956B2 (en) | 1999-12-22 | 2007-04-10 | Transnexus, Inc. | System and method for the secure enrollment of devices with a clearinghouse server for internet telephony and multimedia communications |
EP1319281B1 (en) | 2000-09-11 | 2007-05-09 | TransNexus, Inc. | Clearinghouse server for internet telephony and multimedia communications |
US7525956B2 (en) | 2001-01-11 | 2009-04-28 | Transnexus, Inc. | Architectures for clearing and settlement services between internet telephony clearinghouses |
WO2005089147A2 (en) | 2004-03-11 | 2005-09-29 | Transnexus, Inc. | Method and system for routing calls over a packet switched computer network |
US8238329B2 (en) | 2005-12-13 | 2012-08-07 | Transnexus, Inc. | Method and system for securely authorizing VoIP interconnections between anonymous peers of VoIP networks |
US8924722B2 (en) | 2008-04-07 | 2014-12-30 | Nokia Siemens Networks Oy | Apparatus, method, system and program for secure communication |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE3919734C1 (en) * | 1989-06-16 | 1990-12-06 | Siemens Ag, 1000 Berlin Und 8000 Muenchen, De | |
FR2709903B1 (en) * | 1993-09-10 | 1995-10-20 | Thomson Csf | Method and device for securing communications using a digital network with integrated services. |
DE4416595C2 (en) * | 1994-05-11 | 1999-10-28 | Deutsche Telekom Ag | Process for securing encrypted confidential information transfers |
DE19521484A1 (en) * | 1995-06-13 | 1996-12-19 | Deutsche Telekom Ag | Method and device for authenticating subscribers to digital switching centers |
2000
- 2000-03-01 WO PCT/US2000/005520 patent/WO2000052905A2/en active Application Filing
- 2000-03-01 CA CA002371811A patent/CA2371811A1/en not_active Abandoned
- 2000-03-01 BR BR0008457-3A patent/BR0008457A/en not_active Application Discontinuation
- 2000-03-01 EP EP00916018A patent/EP1157521A2/en not_active Withdrawn
Also Published As
Publication number | Publication date |
---|---|
WO2000052905A3 (en) | 2000-12-28 |
EP1157521A2 (en) | 2001-11-28 |
BR0008457A (en) | 2004-06-01 |
WO2000052905A2 (en) | 2000-09-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1161806B1 (en) | Key management for telephone calls to protect signaling and call packets between cta's | |
FI108690B (en) | Payroll of speech and of control messages in cell systems | |
US7464267B2 (en) | System and method for secure transmission of RTP packets | |
JP2589030B2 (en) | Mobile station authentication method | |
FI108590B (en) | Mobile phone encryption system | |
US5410602A (en) | Method for key management of point-to-point communications | |
JP3513054B2 (en) | Method for securing airborne communications in wireless systems | |
US5222140A (en) | Cryptographic method for key agreement and user authentication | |
US8976968B2 (en) | Intercepting a communication session in a telecommunication network | |
US8526616B2 (en) | Method for payload encryption of digital voice or data communications | |
CN100373991C (en) | Enciphered consulating method for speech-sound communication in grouped network | |
US20070083918A1 (en) | Validation of call-out services transmitted over a public switched telephone network | |
US9363034B2 (en) | Method to encrypt information that is transferred between two communication units | |
CN102572817B (en) | Method and intelligent memory card for realizing mobile communication confidentiality | |
CN100466805C (en) | Method for end-to-end enciphoring voice telecommunication | |
CN102202299A (en) | Realization method of end-to-end voice encryption system based on 3G/B3G | |
CN111556501A (en) | Trusted communication system and method | |
CN101001143A (en) | Method for authenticating system equipment by terminal equipment | |
CA2371811A1 (en) | Method and apparatus for enhanced security in a broadband telephony network | |
CN106559402B (en) | User terminal and identity authentication method and device for encrypted voice telephone service thereof | |
CN1177431C (en) | Method and mobile device for end-to-end enciphere | |
CN113099444B (en) | Information transmission method and system for protecting privacy | |
CN110740129A (en) | telephone network communication protection method based on end-to-end authentication | |
CN113472953B (en) | E-commerce platform privacy number voice communication method and system | |
CN217406556U (en) | Anti-quantum-computation mobile communication system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
EEER | Examination request | ||
FZDE | Discontinued |