WO2000052905A2 - Method and apparatus for enhanced security in a broadband telephony network - Google Patents
- Publication number
- WO2000052905A2 (PCT/US2000/005520)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- provisioning server
- key
- user
- encrypted
- telephony interface
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/64—Hybrid switching systems
- H04L12/6418—Hybrid transport
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M7/00—Arrangements for interconnection between switching centres
- H04M7/006—Networks other than PSTN/ISDN providing telephone service, e.g. Voice over Internet Protocol (VoIP), including next generation networks with a packet-switched transport layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/64—Hybrid switching systems
- H04L12/6418—Hybrid transport
- H04L2012/6472—Internet
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/64—Hybrid switching systems
- H04L12/6418—Hybrid transport
- H04L2012/6475—N-ISDN, Public Switched Telephone Network [PSTN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/64—Hybrid switching systems
- H04L12/6418—Hybrid transport
- H04L2012/6478—Digital subscriber line, e.g. DSL, ADSL, HDSL, XDSL, VDSL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/64—Hybrid switching systems
- H04L12/6418—Hybrid transport
- H04L2012/6481—Speech, voice
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M2203/00—Aspects of automatic or semi-automatic exchanges
- H04M2203/60—Aspects of automatic or semi-automatic exchanges related to security aspects in telephonic communication systems
- H04M2203/609—Secret communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M2207/00—Type of exchange or network, i.e. telephonic medium, in which the telephonic communication takes place
- H04M2207/20—Type of exchange or network, i.e. telephonic medium, in which the telephonic communication takes place hybrid systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/20—Automatic or semi-automatic exchanges with means for interrupting existing connections; with means for breaking-in on conversations
- H04M3/205—Eavesdropping prevention - indication of insecurity of line or network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M7/00—Arrangements for interconnection between switching centres
- H04M7/12—Arrangements for interconnection between switching centres for working between exchanges having different types of switching equipment, e.g. power-driven and step by step or decimal and non-decimal
Definitions
- the present invention relates generally to communication networks, and more particularly to enhanced security in a broadband telephony network.
- Broadband communication networks provide a viable alternative to present local exchange carrier (LEC) loops in providing both voice and data transmission services.
- LEC local exchange carrier
- a variety of broadband network architectures have emerged as supporting Internet and telephony access: including cable distribution networks, ISDN (Integrated Services Digital Network), broadband ISDN, DSL ("Digital Subscriber Line”), ADSL, etc.
- BPI DOCSIS Baseline Privacy Interface
- BPI+ Baseline Privacy Interface Plus
- BPI+ DOCSIS 1.1 Baseline Privacy Interface Plus
- BPI+ adds authentication based on digital certificates that binds media access control addresses for cable modems to RSA public keys.
- DOCSIS cable modems must be pre-certified with cryptographic keys and/or certificates installed in the hardware at manufacturing time.
- DOCSIS cable modems undergo a registration process and a baseline privacy key exchange procedure that is used to establish a secure channel with the cable modem termination system (“CMTS”) at the head end.
- CMTS cable modem termination system
- the CMTS verifies a cable modem's public key by verifying the authenticity of the certificate.
- Use of encryption such as provided by BPI+ is essential for a shared medium access network such as cable.
- a broadband telephony architecture with enhanced security features is needed, with the overall goals of protecting the privacy of signaling and media traffic and of preventing theft of service.
- CALEA 1994
- This may include supplying signaling information and media streams to the authorities. If encryption keys are mediated by the service provider, they must also be supplied to the authorities.
- BTI broadband telephony interface
- the two ends can then use this key to establish a secure connection, and the BTI can send authorization information such as a credit card number over the secure connection.
- the cryptographic key can then be used to derive subsidiary keys that are used for subsequent communications.
- the BTI advantageously need not be a trusted or certified box; indeed, a software package executed on a personal computer can fulfill the same functions. This is in contrast to the cable modem, for example, which must be certified to ensure correct behavior and fair access to the medium.
- Fig. 1 is a diagram of a broadband communication network which can be utilized with an embodiment of the present invention.
- Fig. 2 is a block diagram of the components of a hardware broadband telephony interface configured for use with a preferred embodiment of the present invention.
- Fig. 3 is an abstract diagram of a communication provisioning protocol in accordance with a preferred embodiment of the present invention.
- FIG. 1 a diagram of a broadband communication
- a packet-switched IP backbone 100 is shown connected to access networks 150 and 151, here shown as cable distribution networks, and to a more conventional telephony network 135, here shown as the public switched telephone network ("PSTN").
- PSTN public switched telephone network
- the BTI 170 may be physically integrated with a cable modem (“CM") 160, as shown in Fig. 1, to provide the necessary functions to interface between one or more phone lines and the depicted cable access network 150.
- CM cable modem
- the cable modem 160 can also be used by other communication devices 180 (in Fig. 1
- the access network 150 terminates on a cable modem termination system (“CMTS”) 155 at a head end.
- IP Internet Protocol
- a "gate controller” 110 provides authentication, authorization, and call routing functions for calls originated by BTIs.
- the authentication information used by the gate controller is made available to it by a provisioning process that is described in
- the backbone provides connectivity to a provisioning server 140, which is involved in provisioning the BTI and other network elements.
- the particular architecture set forth in Fig. 1 is for illustration purposes only and is further described in the following commonly assigned patent applications: Provisional Patent Application entitled "Telephony on a Broadband
- Fig. 1 Note that although a limited number of network entities are shown in Fig. 1 for simplicity of presentation, other network entities can obviously be included in the network - such as additional interface units, routers, controllers,
- Fig. 1 sets forth a particular broadband telephony architecture
- the security enhancements of the present invention are readily extendible to other architectures.
- the present invention can be utilized with broadband communication networks that do not use cable access networks but rather use
- DSL digital subscriber line
- ISDN Integrated Services Digital Network
- present invention can be utilized with other packet-switched architectures or with a hybrid network architecture.
- Fig. 2 sets forth a simplified block diagram of the components of a BTI, configured for use with the present invention.
- the BTI performs signaling
- Fig. 2 illustrates a hardware embodiment of a BTI 170 that can be a stand-alone device, can be integrated with a telephone 190 to create a standalone telephony device or can be integrated with an access device (e.g. the cable modem 160 in Fig. 1 or a set top box) to form a general network interface unit.
- the BTI in Fig. 2 comprises a processor 210 and hardware (here shown as a
- the processor 210 has access to memory 220 which stores data such as cryptographic keys 222 and the operating system 221 and program instructions necessary for the operation of the BTI.
- the BTI also to have read only memory 230 which stores code downloading code ("CDC") 232 and the service provider's public key 231, as further discussed below. It is also advantageous for some of the data and code in memory 220 to be stored in some form of non-volatile memory so that
- the BTI 170 advantageously should be able to perform probabilistic computation, whether by hardware (e.g. a noisy diode), software (e.g. a pseudo-random generator with a good seed), or some combination. This is necessary for the BTI to be able to generate cryptographic keys and to perform
- the BTI 170 need not necessarily be under the direct control of the service provider, e.g. the entity operating the communication network.
- the BTI operated in accordance with the present invention, can be implemented as customer premises equipment that is untrusted
- the customer in other words, can purchase the BTI at a local store or can have the device shipped to her home.
- the BTI is implemented as software, it can be simply downloaded and installed on a computer pre-configured for access to the communication network.
- Fig. 3 illustrates security protocols to be utilized in the provisioning of a user who wishes to utilize the network.
- the following notation and abbreviations are used in the discussion:
- the cable modem 160 has undergone DOCSIS registration and the baseline privacy key exchange prior to the provisioning process described below.
- the cable modem 160 thus has a secure channel with the CMTS 155 at the head end.
- the network infrastructure beyond the head end is a managed backbone for which reasonable security precautions have been taken, e.g. to secure servers.
- the provisioning server 140 itself, since it manages keys, must be very well secured. Nevertheless, it is assumed that the BTI 170 cannot trust
- the threat model includes the possibility that a hostile intruder can masquerade as the cable head-end and fool the BTI into believing it is communicating with a legitimate service provider.
- cryptographic means are advantageously utilized to authenticate the service
- the objective of the provisioning process is for the service provider to securely establish an association between a customer account and a cryptographic key, where the key is available only to the BTI (and the provisioning server).
- the key can be used to authenticate key exchanges later.
- if the key is a symmetric key, this means that the two sides share a string of random bits that can be used as encryption keys and as keys for message authentication codes (MAC). It is common to use different keys to encrypt and MAC in each direction, so if a 128-bit cipher is used, the provisioning scenario will result in at least 512 bits of shared random bits.
- the cryptographic key can be a public key rather than a symmetric key, where the corresponding private key is stored in the BTI.
- the service provider, SP, is assumed to have a public/private key pair.
- the private key is stored in a safe place and there are strict procedures for accessing this key.
- the public key, Ksp+, is stored in the memory of the BTI or built into the BTI, for example by burning the key into read only memory. If this public key turns out to be a source of attack (e.g. attackers successfully substitute a
- the key can be further protected by storing it in tamper-resistant storage.
- a public key infrastructure whereby the service provider issues public key certificates for the provisioning servers, e.g. PS.
- key for the provisioning server is stored somewhere inside the network, and that when the BTI sends a message to the provisioning server, it is communicating with a secure location inside the network.
- the user obtains and installs the BTI, whether by merely plugging the device in or by installing software on a computer. The user picks up the phone
- a provisioning number e.g. 611
- the following messages as illustrated in Fig. 3, then take place.
- the values of the messages can be digitally signed or hashed, using a message authentication code (MAC) with each
- the BTI 170 receives the provisioning number:
- the BTI issues a SETUP message to the gate controller 110, which routes the call to a provisioning server 140 and returns a SETUP_ACK message containing the IP address of the provisioning server.
- the authentication information in the SETUP message from the BTI can be null.
- the BTI 170 announces its existence to the provisioning server 140
- the provisioning server 140 provides its public key and certificate:
- Certificates are convenient here because they allow the BTI to store a public key, here the service provider's public key, and have confidence in another public key (here, the provisioning server's public key) if it carries a certificate signed by the private key corresponding to the service provider's public key stored in the BTI.
- At step 304, the BTI 170 generates random symmetric keys, SK,
- K is used to encrypt the message that is sent with a symmetric cipher.
- K itself is encrypted with the public key of PS to make sure nobody else can read it.
- SK is a session key that will be used for future communication with the provisioning server 140 for the remainder of the provisioning.
- AK is a symmetric key that is used to secure the audio channel. In practice, AK may actually be a master key
- the information in the message such as the network address (Media Access Control address, IP address, etc.) of the broadband telephony interface 170.
- the provisioning server 140 acknowledges the registration request and proves knowledge of the session key:
- the session key is "good” and the network associates it with the particular IP endpoint.
- the BTI 170 sets up a voice connection with the provisioning server 140 and uses the audio channel key, AK, to secure the voice path.
- the audio stream should be encrypted and protected using message authentication codes.
- the secure messages, M, on the audio channel are represented as {M}AK. At this point, the BTI 170 completes the setup of the voice connection to the provisioning server 140.
- the provisioning server 140 prompts the user for her authentication information:
- the authentication information can be implemented in many different ways.
- the authentication information can be a work order number that has been given to a customer (or to an installer) after the customer has subscribed for the service. The work order must be supplied when the BTI is provisioned to identify the customer account.
- the authentication information can be
- the audio stream is secured using AK from the PS 140 to the BTI 170, which converts it to an analog voice for the user.
- the user speaks or dials her authentication information
- the BTI 170 sends the authentication information over the secure audio channel to the provisioning server 140:
- the BTI 170 generates a public/private key pair for the user and sends the public key, Ku+, to the provisioning server 140.
- the provisioning server 140 associates the authentication information sent over the secure audio channel with the public key, Ku+, sent over the secure control channel.
- the PS 140 can do this because (a) it is aware that both came from the same network address and (b) it successfully authenticates and decrypts both the audio and control channel information using the keys, AK and SK, which the PS knows are associated with the same broadband telephony interface 170.
- the PS 140 stores the BTI's public key for later usage and acknowledges receipt:
- the BTI 170 and the provisioning server 140 share a long-term symmetric key that the provisioning server can associate with the subscriber account.
- the BTI and PS may share up to 512 random bits to comprise four 128-bit encryption and MACing keys, as described above.
- the BTI 170 can generate a session key, sign it, and send it under the public key of the provisioning server 140 or the long-term key it shares with the server in a similar manner. No interaction from the user is necessary to establish these future session keys.
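An added example (not taken from the patent) of the association check described above: the provisioning server binds the authentication information to the user's public key only when both messages come from the same network address and verify under AK and SK, and it also shows the split of 512 shared bits into four 128-bit keys. HMAC-SHA256, the message layout, every class and function name, and all sample values are assumptions; encryption is omitted and only the MAC side is shown.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16  # 128-bit keys, matching the 128-bit cipher case in the text


def split_shared_bits(shared: bytes) -> dict:
    """Split 512 shared random bits into four 128-bit keys: a separate
    encryption key and MAC key for each direction."""
    if len(shared) != 4 * KEY_LEN:
        raise ValueError("expected 512 bits (64 bytes) of shared randomness")
    names = ("enc_bti_to_ps", "mac_bti_to_ps", "enc_ps_to_bti", "mac_ps_to_bti")
    return {n: shared[i * KEY_LEN:(i + 1) * KEY_LEN] for i, n in enumerate(names)}


def mac(key: bytes, channel: bytes, payload: bytes) -> bytes:
    """HMAC-SHA256 over a channel label and the payload (assumed MAC choice)."""
    return hmac.new(key, channel + b"\x00" + payload, hashlib.sha256).digest()


def protect(addr: str, key: bytes, channel: bytes, payload: bytes) -> dict:
    """Build an authenticated message (hypothetical layout)."""
    return {"addr": addr, "payload": payload, "mac": mac(key, channel, payload)}


class ProvisioningServer:
    def __init__(self):
        self.sessions = {}  # network address -> {"SK": ..., "AK": ...}
        self.accounts = {}  # authentication info -> user public key

    def register(self, addr: str, sk: bytes, ak: bytes) -> None:
        """Record the keys received in the registration request from addr."""
        self.sessions[addr] = {"SK": sk, "AK": ak}

    def bind(self, audio_msg: dict, control_msg: dict) -> bool:
        """Associate audio-channel auth info with a control-channel public key."""
        # (a) both messages must come from the same network address
        if audio_msg["addr"] != control_msg["addr"]:
            return False
        session = self.sessions.get(audio_msg["addr"])
        if session is None:
            return False
        # (b) each message must authenticate under the key of its own channel
        ok_audio = hmac.compare_digest(
            mac(session["AK"], b"audio", audio_msg["payload"]), audio_msg["mac"])
        ok_ctrl = hmac.compare_digest(
            mac(session["SK"], b"control", control_msg["payload"]), control_msg["mac"])
        if not (ok_audio and ok_ctrl):
            return False
        self.accounts[audio_msg["payload"]] = control_msg["payload"]
        return True


def demo() -> dict:
    """Run the check on constructed sample values and return the outcomes."""
    ps = ProvisioningServer()
    addr, other = "192.0.2.23", "192.0.2.99"        # constructed addresses
    sk, ak = secrets.token_bytes(KEY_LEN), secrets.token_bytes(KEY_LEN)
    ps.register(addr, sk, ak)
    work_order = b"WORK-ORDER-EXAMPLE"               # constructed auth info
    user_pub = b"<constructed placeholder for Ku+>"  # stands in for a real key
    audio = protect(addr, ak, b"audio", work_order)
    results = {
        # Public key arrives from a different address: not bound.
        "other_address": ps.bind(audio, protect(other, sk, b"control", user_pub)),
        # Control message authenticated under a key that is not SK: not bound.
        "wrong_key": ps.bind(
            audio, protect(addr, secrets.token_bytes(KEY_LEN), b"control", user_pub)),
        # Same address, audio verifies under AK, control verifies under SK.
        "valid": ps.bind(audio, protect(addr, sk, b"control", user_pub)),
    }
    results["stored"] = ps.accounts.get(work_order) == user_pub
    # With per-direction MAC keys, a tag made for BTI->PS traffic does not
    # verify as PS->BTI traffic.
    keys = split_shared_bits(secrets.token_bytes(4 * KEY_LEN))
    msg = b"constructed message"
    tag = mac(keys["mac_bti_to_ps"], b"control", msg)
    results["cross_direction_accepts"] = hmac.compare_digest(
        tag, mac(keys["mac_ps_to_bti"], b"control", msg))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```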
Abstract
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP00916018A EP1157521A2 (fr) | 1999-03-01 | 2000-03-01 | Method and apparatus for enhanced security in a broadband telephony network |
CA002371811A CA2371811A1 (fr) | 1999-03-01 | 2000-03-01 | Method and apparatus for enhanced security in a broadband telephony network |
BR0008457-3A BR0008457A (pt) | 1999-03-01 | 2000-03-01 | Method of provisioning an interface in a broadband telephony network |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12248199P | 1999-03-01 | 1999-03-01 | |
US60/122,481 | 1999-03-01 | ||
US12947699P | 1999-04-15 | 1999-04-15 | |
US60/129,476 | 1999-04-15 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2000052905A2 (fr) | 2000-09-08 |
WO2000052905A3 (fr) | 2000-12-28 |
Family
ID=26820561
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2000/005520 WO2000052905A2 (fr) | Method and apparatus for enhanced security in a broadband telephony network | 1999-03-01 | 2000-03-01 |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP1157521A2 (fr) |
BR (1) | BR0008457A (fr) |
CA (1) | CA2371811A1 (fr) |
WO (1) | WO2000052905A2 (fr) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001047232A2 (fr) * | 1999-12-22 | 2001-06-28 | Transnexus, Inc. | System and method for the secure enrollment of devices with a clearinghouse server for internet telephony and multimedia communications |
US7444407B2 (en) | 2000-06-29 | 2008-10-28 | Transnexus, Inc. | Intelligent end user devices for clearinghouse services in an internet telephony system |
US7525956B2 (en) | 2001-01-11 | 2009-04-28 | Transnexus, Inc. | Architectures for clearing and settlement services between internet telephony clearinghouses |
WO2009124583A1 (fr) * | 2008-04-07 | 2009-10-15 | Nokia Siemens Networks Oy | Apparatus, method, system and program for secure communication |
US7743263B2 (en) | 2004-03-11 | 2010-06-22 | Transnexus, Inc. | Method and system for routing calls over a packet switched computer network |
US8289974B2 (en) | 2000-09-11 | 2012-10-16 | Transnexus, Inc. | Clearinghouse server for internet telephony and multimedia communications |
US10057303B2 (en) | 2005-12-13 | 2018-08-21 | Transnexus, Inc. | Method and system for securely authorizing VoIP interconnections between anonymous peers of VoIP networks |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5216715A (en) * | 1989-06-16 | 1993-06-01 | Siemens Aktiengesellschaft | Key distribution in public communication networks taking account of security gradations |
FR2709903A1 (fr) * | 1993-09-10 | 1995-03-17 | Thomson Csf | Method and device for securing communications using an integrated services digital network. |
DE4416595A1 (de) * | 1994-05-11 | 1995-11-16 | Deutsche Bundespost Telekom | Method for securing encrypted confidential information transmissions |
DE19521484A1 (de) * | 1995-06-13 | 1996-12-19 | Deutsche Telekom Ag | Method and device for authenticating subscribers to digital switching centres |
-
2000
- 2000-03-01 BR BR0008457-3A patent/BR0008457A/pt not_active Application Discontinuation
- 2000-03-01 EP EP00916018A patent/EP1157521A2/fr not_active Withdrawn
- 2000-03-01 WO PCT/US2000/005520 patent/WO2000052905A2/fr active Application Filing
- 2000-03-01 CA CA002371811A patent/CA2371811A1/fr not_active Abandoned
Non-Patent Citations (1)
Title |
---|
CLAASSEN G J ET AL: "SECURE COMMUNICATION PROCEDURE FOR ISDN" PROCEEDINGS SOUTHERN AFRICAN CONFERENCE ON COMMUNICATIONS AND SIGNAL PROCESSING,US,IEEE, NEW YORK, NY, 24 June 1988 (1988-06-24), pages 165-170, XP002028403 * |
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9614971B2 (en) | 1999-06-29 | 2017-04-04 | Transnexus, Inc. | Intelligent end user devices for clearinghouse services in an internet telephony system |
WO2001047232A2 (fr) * | 1999-12-22 | 2001-06-28 | Transnexus, Inc. | System and method for the secure enrollment of devices with a clearinghouse server for internet telephony and multimedia communications |
WO2001047232A3 (fr) * | 1999-12-22 | 2002-06-06 | Transnexus Inc | System and method for the secure enrollment of devices with a clearinghouse server for internet telephony and multimedia communications |
US7203956B2 (en) | 1999-12-22 | 2007-04-10 | Transnexus, Inc. | System and method for the secure enrollment of devices with a clearinghouse server for internet telephony and multimedia communications |
US7398551B2 (en) | 1999-12-22 | 2008-07-08 | Transnexus, Inc. | System and method for the secure enrollment of devices with a clearinghouse server for internet telephony and multimedia communications |
US8185636B2 (en) | 2000-06-29 | 2012-05-22 | Transnexus, Inc. | Intelligent end user devices for clearinghouse services in an internet telephony system |
US7444407B2 (en) | 2000-06-29 | 2008-10-28 | Transnexus, Inc. | Intelligent end user devices for clearinghouse services in an internet telephony system |
US8289974B2 (en) | 2000-09-11 | 2012-10-16 | Transnexus, Inc. | Clearinghouse server for internet telephony and multimedia communications |
US9094504B2 (en) | 2000-09-11 | 2015-07-28 | Transnexus, Inc. | Clearinghouse server for internet telephony and multimedia communications |
US9979830B2 (en) | 2000-09-11 | 2018-05-22 | Transnexus, Inc. | Clearinghouse server for internet telephony and multimedia communications |
US7525956B2 (en) | 2001-01-11 | 2009-04-28 | Transnexus, Inc. | Architectures for clearing and settlement services between internet telephony clearinghouses |
US9088628B2 (en) | 2001-01-11 | 2015-07-21 | Transnexus, Inc. | Architectures for clearing and settlement services between internet telephony clearinghouses |
US7743263B2 (en) | 2004-03-11 | 2010-06-22 | Transnexus, Inc. | Method and system for routing calls over a packet switched computer network |
US8396056B2 (en) | 2004-03-11 | 2013-03-12 | Transnexus, Inc. | Method and system for routing calls over a packet switched computer network |
US9094418B2 (en) | 2004-03-11 | 2015-07-28 | Transnexus, Inc. | Method and system for routing calls over a packet switched computer network |
US10057303B2 (en) | 2005-12-13 | 2018-08-21 | Transnexus, Inc. | Method and system for securely authorizing VoIP interconnections between anonymous peers of VoIP networks |
WO2009124583A1 (fr) * | 2008-04-07 | 2009-10-15 | Nokia Siemens Networks Oy | Apparatus, method, system and program for secure communication |
US8924722B2 (en) | 2008-04-07 | 2014-12-30 | Nokia Siemens Networks Oy | Apparatus, method, system and program for secure communication |
Also Published As
Publication number | Publication date |
---|---|
WO2000052905A3 (fr) | 2000-12-28 |
CA2371811A1 (fr) | 2000-09-08 |
EP1157521A2 (fr) | 2001-11-28 |
BR0008457A (pt) | 2004-06-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7035410B1 (en) | Method and apparatus for enhanced security in a broadband telephony network | |
US8544077B2 (en) | Internet protocol telephony security architecture | |
US7353388B1 (en) | Key server for securing IP telephony registration, control, and maintenance | |
US8108677B2 (en) | Method and apparatus for authentication of session packets for resource and admission control functions (RACF) | |
US5515441A (en) | Secure communication method and apparatus | |
Butcher et al. | Security challenge and defense in VoIP infrastructures | |
KR101013427B1 (ko) | End-to-end protection of media stream encryption keys for voice-over-IP systems | |
US6745326B1 (en) | Authentication process including setting up a secure channel between a subscriber and a service provider accessible through a telecommunications operator | |
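CN102668497B (zh) | Method and apparatus for allowing secure communication in a telecommunications network without being subject to denial of service (DoS) and flooding attacks | |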
US7464267B2 (en) | System and method for secure transmission of RTP packets | |
US6892308B1 (en) | Internet protocol telephony security architecture | |
US20070083918A1 (en) | Validation of call-out services transmitted over a public switched telephone network | |
US8060742B2 (en) | Method and apparatus for secure communications | |
JP4848052B2 (ja) | Secret communication method using VPN, system thereof, program thereof, and recording medium for the program | |
US20100005300A1 (en) | Method in a peer for authenticating the peer to an authenticator, corresponding device, and computer program product therefore | |
US8959610B2 (en) | Security bridging | |
CN112929339B (zh) | A privacy-preserving message delivery method | |
Di Pietro et al. | A two-factor mobile authentication scheme for secure financial transactions | |
Lin et al. | Authentication protocols with nonrepudiation services in personal communication systems | |
EP1157521A2 (fr) | Method and apparatus for enhanced security in a broadband telephony network | |
CA2327919C (fr) | Internal line management system | |
US20030154408A1 (en) | Method and apparatus for secured unified public communication network based on IP and common channel signaling | |
US20060147038A1 (en) | Method and installation for controlling a telephone call transmitter on an internet network and telephone terminal therefor | |
US7376837B1 (en) | Built-in manufacturer's certificates for a cable telephony adapter to provide device and service certification | |
KR0175458B1 (ko) | Originating and terminating side processing method for legitimate user authentication in an integrated services digital network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AK | Designated states | Kind code of ref document: A2 Designated state(s): BR CA |
| AL | Designated countries for regional patents | Kind code of ref document: A2 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| AK | Designated states | Kind code of ref document: A3 Designated state(s): BR CA |
| AL | Designated countries for regional patents | Kind code of ref document: A3 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE |
| DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
| WWE | Wipo information: entry into national phase | Ref document number: 2000916018 Country of ref document: EP |
| ENP | Entry into the national phase in: | Ref country code: CA Ref document number: 2371811 Kind code of ref document: A Format of ref document f/p: F Ref document number: 2371811 Country of ref document: CA |
| WWP | Wipo information: published in national office | Ref document number: 2000916018 Country of ref document: EP |