EP1082837A2 - Method for secure telephony with mobility in a telecommunication and data communication system which comprises an IP network - Google Patents
Method for secure telephony with mobility in a telecommunication and data communication system which comprises an IP network
- Publication number
- EP1082837A2
- Authority
- EP
- European Patent Office
- Prior art keywords
- network
- identity code
- unit
- mobility manager
- initiating
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
Definitions
- the present invention relates to a method for safe telephony with mobility in a tele and data communications system which includes an IP-network.
- A known solution for the management of keys is called Kerberos®.
- This known solution provides central distribution of keys and is intended for users of services in networks. Kerberos® ensures that the user can confirm his/her identity to a given service without the risk that anybody tapping the transmission can, at a later stage, unduly assume the user's identity.
- An authentication is performed in two steps. In the first step an authentication service (AS) issues a so-called TGS-ticket in exchange for the person proving that he/she is the person he/she claims to be.
- The user identification is made by the user initially, once and for all, registering himself/herself manually and receiving a password from Kerberos®.
- the password is stored centrally.
- the TGS-ticket includes i.a. a TGS-session key, the name of the service (i.e. TGS), a time stamp and a period of validity.
- the user receives the TGS-ticket encrypted by TGS password and a copy of the TGS-session key encrypted by the user's password.
- the TGS-ticket is valid as access to a ticket issuing service (TGS).
- the user for that reason turns to TGS to get service tickets to other services.
- the user transmits the TGS-ticket encrypted by TGS password and the name of the service which is asked for to TGS.
- TGS returns a ticket to the service encrypted by the password of the service and a copy of a service session key encrypted by the TGS-session key.
- For each new service the user wants to utilise, he/she in the same way turns to said TGS and encloses his/her TGS-ticket in the transmission.
- This known method has several advantages. The user need only give his/her password once per working period.
- Kerberos® is not directly applicable to IP-telephony with mobility, such as a system with DECT-telephones which have access to an IP-network. For that reason there exists a need for a security solution for such telephony.
- the aim of the present invention consequently is to create a security solution for IP-telephony with mobility.
- Figure 1 diagrammatically shows a tele and data communications system in which an embodiment of the method is implemented
- Figure 2 diagrammatically shows a part of the system in Figure 1 in detail.
- In each DECT-telephone 3 an identity code (ID-code) is stored which is created in such a way that it is unique, preferably globally unique.
- ID-code is transmitted to the base station 5 of the domain. From there the ID-code is forwarded to a mobility manager, here a so called proxy manager 9, see Figure 2, which is arranged in an IP-managing unit (IMU) 7.
- the proxy manager 9 starts for each DECT-telephone 3 a proxy 11, i.e. a proxy which represents the DECT-telephone 3 towards the Internet, or any other IP-network.
- the information is collected from a specific initiating database 13, which here is called telephone directory.
- the telephone directory is reached via the IP-network 15.
- Kerberos® is utilised, and is i.a. implemented on a server 17, which handles the central distribution of keys.
- the information includes IP-address, the subscriber's user name, and a key for mobile IP.
- In Kerberos terms, the proxy manager 9 is the user and the telephone directory 13 is the service which shall be used.
- For the proxy manager 9 to receive the information, it consequently must authenticate itself to the AS-part of the server 17 to get a TGS-ticket, using the identity code as user identity, and then, by transmitting the TGS-ticket to the TGS-part of the server 17, receive a service ticket to the telephone directory.
- the information is transmitted well encrypted from the telephone directory 13 to the proxy manager 9, as has been described above.
- the proxy manager 9 then starts a proxy 11 with the information as input data.
- the proxy 11 now has the function of a mobile node. If it is in a foreign network it uses mobile IP to ensure that traffic intended for it is routed to the right address.
- This authentication is made by means of an encryption algorithm and a secret key which is shared by the mobile node, i.e. the proxy 11, and the mobility manager in its home network.
- the secret key is the above mentioned key for mobile IP which the proxy manager 9 receives from the database 13.
- the proxy 11 is preferably compatible with the ITU-standard H.323, which can be utilised according to the following.
- the receiver collects a session key from Kerberos ® and establishes a safe and authenticated channel. After that H.323 follows on.
- the speech is accordingly transmitted encrypted so that it cannot be tapped.
- participants who are not authorised subscribers in the system are prevented by the authentication from making free calls.
- Kerberos ® can be exchanged for another equivalent method which implies equivalent good authentication and encryption.
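The following Python walk-through is an added example, not code from the patent or from any Kerberos implementation. It models the two-step ticket flow described above (AS issues a TGS-ticket and a session-key copy; TGS validates that ticket and issues a service ticket) with the roles of this page: the proxy manager is the Kerberos user, identified by the DECT ID-code, and the telephone directory is the service that returns the initiation record (IP-address, user name, key for mobile IP). The cipher is a constructed stand-in (HMAC-SHA256 keystream with an HMAC tag, encrypt-then-MAC) so the example runs with the standard library only; all principal names, keys, the ID-code value and the record contents are constructed.

```python
import hashlib
import hmac
import json
import os
import time


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Derive n bytes of keystream from (key, nonce) with HMAC-SHA256 in counter mode.
    Constructed toy cipher for the walk-through; a real deployment uses a vetted AEAD."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a JSON-serialisable dict: nonce || ciphertext || tag."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> dict:
    """Verify the tag before decrypting; a wrong key or a modified ticket is rejected."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag: wrong key or tampered message")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    return json.loads(pt)


class KeyServer:
    """The AS and TGS parts of the key server (server 17 on the page): it holds the
    centrally stored user passwords and the TGS/service keys (all constructed here)."""

    def __init__(self, principals: dict):
        self.keys = principals  # principal name -> 32-byte key

    def as_exchange(self, user: str, lifetime: int = 300):
        """Step 1 (AS): issue a TGS-ticket encrypted by the TGS key, plus a copy of
        the TGS-session key encrypted by the user's own key."""
        sk = os.urandom(32)
        now = int(time.time())
        ticket = {"client": user, "service": "TGS", "session_key": sk.hex(),
                  "issued": now, "valid_until": now + lifetime}
        return seal(self.keys["TGS"], ticket), seal(self.keys[user], {"session_key": sk.hex()})

    def tgs_exchange(self, tgs_ticket: bytes, service: str, lifetime: int = 300):
        """Step 2 (TGS): check the TGS-ticket's validity period, then return a service
        ticket encrypted by the service's key plus a service session key encrypted by
        the TGS-session key."""
        t = unseal(self.keys["TGS"], tgs_ticket)
        now = int(time.time())
        if t["service"] != "TGS" or not t["issued"] <= now <= t["valid_until"]:
            raise PermissionError("TGS-ticket expired or not a TGS-ticket")
        ssk = os.urandom(32)
        ticket = {"client": t["client"], "service": service, "session_key": ssk.hex(),
                  "issued": now, "valid_until": now + lifetime}
        return (seal(self.keys[service], ticket),
                seal(bytes.fromhex(t["session_key"]), {"session_key": ssk.hex()}))


def proxy_manager_fetch(kdc: KeyServer, id_code: str, id_key: bytes,
                        directory_key: bytes, directory_record: dict) -> dict:
    """The proxy manager (the Kerberos user, identified by the DECT ID-code) obtains
    a ticket to the telephone directory (the service) and receives the initiation
    record encrypted under the negotiated service session key."""
    tgs_ticket, sk_blob = kdc.as_exchange(id_code)
    tgs_sk = bytes.fromhex(unseal(id_key, sk_blob)["session_key"])
    svc_ticket, ssk_blob = kdc.tgs_exchange(tgs_ticket, "telephone-directory")
    ssk = bytes.fromhex(unseal(tgs_sk, ssk_blob)["session_key"])
    # Telephone directory side: decrypt the ticket with its own key, check who is asking,
    # and answer under the session key carried inside the ticket.
    t = unseal(directory_key, svc_ticket)
    if t["client"] != id_code or t["service"] != "telephone-directory":
        raise PermissionError("ticket is not for this client/service")
    reply = seal(bytes.fromhex(t["session_key"]), directory_record)
    return unseal(ssk, reply)


if __name__ == "__main__":
    # Constructed principals and initiation record; the ID-code value is hypothetical.
    kdc = KeyServer({"TGS": b"T" * 32, "telephone-directory": b"D" * 32, "DECT-ID-0001": b"U" * 32})
    record = {"ip_address": "10.0.0.1", "user_name": "alice", "mobile_ip_key": "00" * 16}
    print(proxy_manager_fetch(kdc, "DECT-ID-0001", b"U" * 32, b"D" * 32, record))
```

Two properties the page relies on are visible in the code: the proxy manager never learns the TGS or directory keys (it only ever opens material sealed under its own key or a session key), and the TGS refuses a ticket outside its validity period. Kerberos authenticators and replay caches are deliberately left out, so a captured ticket could be replayed within its lifetime in this toy; a real deployment must include them.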
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention relates to a method for secure telephony with mobility in a telecommunication and data communication system (1) which comprises an IP network (15). According to this method, telephony is carried out by mobile units, and the method for each mobile unit consists of: creating a unique identity code and storing it in the unit; transmitting the identity code to a mobility manager (9) when the unit is switched on, at least when it is switched on in a local domain; establishing, via the IP network, contact between the mobility manager and an initiation database (13) for the purpose of transmitting the initiation information intended for Internet communication between the initiation database and the mobility manager, this step comprising the authentication of the mobility manager by means of the identity code in order to gain access to the initiation database, and the encryption of the initiation data during transmission; and starting a proxy (11) which represents the unit towards the Internet, using the initiation data.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
SE9801871A SE512440C2 (sv) | 1998-05-27 | 1998-05-27 | Metod för säker telefoni med mobilitet i ett tele- och datakommunikationssystem som innefattar ett IP-nät |
SE9801871 | 1998-05-27 | ||
PCT/SE1999/000814 WO1999062222A2 (fr) | 1998-05-27 | 1999-05-12 | Procede de telephonie sure avec mobilite dans un systeme de telecommunication et de communication de donnees qui comprend un reseau ip |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1082837A2 true EP1082837A2 (fr) | 2001-03-14 |
Family
ID=20411477
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP99929982A Withdrawn EP1082837A2 (fr) | 1998-05-27 | 1999-05-12 | Procede de telephonie sure avec mobilite dans un systeme de telecommunication et de communication de donnees qui comprend un reseau ip |
Country Status (5)
Country | Link |
---|---|
EP (1) | EP1082837A2 (fr) |
EE (1) | EE03893B1 (fr) |
NO (1) | NO20005868L (fr) |
SE (1) | SE512440C2 (fr) |
WO (1) | WO1999062222A2 (fr) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2807597B1 (fr) * | 2000-04-11 | 2005-04-08 | Sagem | Procede de gestion de la mobilite de combines au sein d'un reseau de telecommunication sans fil |
CN1322702C (zh) * | 2003-12-30 | 2007-06-20 | 华为技术有限公司 | 因特网协议语音接入设备的认证方法 |
CN100349400C (zh) * | 2004-02-11 | 2007-11-14 | 任荣昌 | 一种基于ip网用户身份的多业务交换方法及系统 |
HU226781B1 (en) | 2004-03-01 | 2009-10-28 | Miklos Jobbagy | Device set for secure direct information transmission over internet |
US8365258B2 (en) | 2006-11-16 | 2013-01-29 | Phonefactor, Inc. | Multi factor authentication |
US9762576B2 (en) | 2006-11-16 | 2017-09-12 | Phonefactor, Inc. | Enhanced multi factor authentication |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5535276A (en) * | 1994-11-09 | 1996-07-09 | Bell Atlantic Network Services, Inc. | Yaksha, an improved system and method for securing communications using split private key asymmetric cryptography |
US5602918A (en) * | 1995-12-22 | 1997-02-11 | Virtual Open Network Environment Corp. | Application level security system and method |
GB2317792B (en) * | 1996-09-18 | 2001-03-28 | Secure Computing Corp | Virtual private network on application gateway |
US5684950A (en) * | 1996-09-23 | 1997-11-04 | Lockheed Martin Corporation | Method and system for authenticating users to multiple computer servers via a single sign-on |
-
1998
- 1998-05-27 SE SE9801871A patent/SE512440C2/sv not_active IP Right Cessation
-
1999
- 1999-05-12 EP EP99929982A patent/EP1082837A2/fr not_active Withdrawn
- 1999-05-12 EE EEP200000701A patent/EE03893B1/xx not_active IP Right Cessation
- 1999-05-12 WO PCT/SE1999/000814 patent/WO1999062222A2/fr active Application Filing
-
2000
- 2000-11-21 NO NO20005868A patent/NO20005868L/no not_active Application Discontinuation
Non-Patent Citations (1)
Title |
---|
See references of WO9962222A2 * |
Also Published As
Publication number | Publication date |
---|---|
EE03893B1 (et) | 2002-10-15 |
NO20005868D0 (no) | 2000-11-21 |
SE512440C2 (sv) | 2000-03-20 |
WO1999062222A2 (fr) | 1999-12-02 |
SE9801871D0 (sv) | 1998-05-27 |
WO1999062222A3 (fr) | 2000-02-03 |
EE200000701A (et) | 2002-04-15 |
SE9801871L (sv) | 1999-11-28 |
NO20005868L (no) | 2001-01-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6334056B1 (en) | Secure gateway processing for handheld device markup language (HDML) | |
Hwang et al. | A self-encryption mechanism for authentication of roaming and teleconference services | |
US6145084A (en) | Adaptive communication system enabling dissimilar devices to exchange information over a network | |
CN101077017B (zh) | 在分布式网络传递的半双工通信中添加认证的系统及方法 | |
CN1839608B (zh) | 用于产生在不同域间使用的唯一用户身份的装置和方法 | |
US7865173B2 (en) | Method and arrangement for authentication procedures in a communication network | |
US7197297B2 (en) | Authentication method for enabling a user of a mobile station to access to private data or services | |
US7340525B1 (en) | Method and apparatus for single sign-on in a wireless environment | |
JP2000232690A (ja) | 通信ネットワーク用セキュリティ方法及び安全なデータ転送方法 | |
WO2001054346A1 (fr) | Procede de production d'identite electronique | |
WO2001050682A1 (fr) | Communication utilisant des numeros de telephone virtuels | |
CA2468599A1 (fr) | Utilisation d'une paire de cles publiques dans un terminal pour l'authentification et l'autorisation de l'abonne de telecommunication par rapport au fournisseur de reseau et des partenaires commerciaux | |
EP1082837A2 (fr) | Procede de telephonie sure avec mobilite dans un systeme de telecommunication et de communication de donnees qui comprend un reseau ip | |
CN1771753B (zh) | 使用移动终端的红外通信进行用户身份验证的方法和装置 | |
CN101090314A (zh) | 整合票证授予服务于通话起始协议的鉴别方法及其装置 | |
CN112565294A (zh) | 一种基于区块链电子签名的身份认证方法 | |
CN100450011C (zh) | 用于调停管理命令的设备和方法 | |
US11146536B2 (en) | Method and a system for managing user identities for use during communication between two web browsers | |
US7139377B2 (en) | Method of providing services to remote private terminals and an associated device | |
US20050190904A1 (en) | Method for performing network-based telephone user identification | |
MXPA01013117A (es) | Sistema y metodo para puesta en vigor de politica local para proveedores de servicio de internet. | |
CN100479452C (zh) | 从ip终端上安全传送卡号信息到软交换的方法 | |
US6961851B2 (en) | Method and apparatus for providing communications security using a remote server | |
KR100637996B1 (ko) | 다이얼 인증 제공 시스템 | |
WO1999037055A1 (fr) | Systeme et procede d'acces protege a distance a un reseau informatise |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
| 17P | Request for examination filed | Effective date: 20001227 |
| AK | Designated contracting states | Kind code of ref document: A2 Designated state(s): DE DK ES FI FR GB IT SE |
| AX | Request for extension of the european patent | Free format text: LT PAYMENT 20001227;LV PAYMENT 20001227 |
| 17Q | First examination report despatched | Effective date: 20070720 |
| RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: TELIASONERA AB |
| STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
| 18D | Application deemed to be withdrawn | Effective date: 20100202 |