JP2006050407A - Security policy setting method, program, and communication apparatus - Google Patents


Publication number
JP2006050407A
Authority
JP
Japan
Prior art keywords
security policy
setting information
device
policy setting
printer
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
JP2004230802A
Other languages
Japanese (ja)
Other versions
JP4101215B2 (en)
Inventor
Hiroaki Nakazawa
Katsuhisa Ogawa
Naohiko Suzuki
宏昭 中澤
勝久 小川
直彦 鈴木
Original Assignee
Canon Inc
キヤノン株式会社
Application filed by Canon Inc (キヤノン株式会社)
Priority to JP2004230802A
Publication of JP2006050407A
Application granted
Publication of JP4101215B2
Expired - Fee Related

Abstract

PROBLEM TO BE SOLVED: In IPsec communication, a security policy (the IP addresses of both ends, application port numbers, security type, security level, and so on) must be set in the terminal device in advance.
A digital camera 102 transmits a connection call message 402 for calling the printer 101 via the SIP server 103 with the security policy setting information of the digital camera 102 attached thereto. The printer 101 sets the security policy of the printer 101 based on the received security policy setting information of the digital camera 102 and transmits a connection response message 404 with the security policy setting information of the printer 101 attached. The digital camera 102 sets the security policy of the digital camera 102 based on the received security policy setting information of the printer 101.
[Selected drawing] Figure 5

Description

  The present invention relates to a setting method for setting a security policy in a first device and a second device, a security policy setting program, and a communication device.

  IPsec is a standardized technology that provides the functions and safety needed to realize end-to-end security at the IP layer. The core of IPsec is the automatic generation of SAs (Security Associations) by the IKE (Internet Key Exchange) protocol. An SA is established on the basis of the security policy (SP), in two stages: Phase 1 (ISAKMP SA) and Phase 2 (IPsec SA). Patent Document 1 is a patent document related to IPsec.

  In the case of the aggressive mode, in Phase 1, the encryption algorithm of the IKE channel is selected in the first round trip, the key exchange (the key for IKE communication) is performed in the second round trip by the DH (Diffie-Hellman) key exchange algorithm, and the communication partner is authenticated in the third round trip. In Phase 2, the encryption algorithm and secret key used by the security protocol ESP or AH are exchanged in the first round trip over the secret communication path established in Phase 1, and the subsequent connection acknowledgment is sent one way only. The exchanged setting information is registered as an SA entry in the SAD (Security Association Database) of both terminal devices and is used for mutual secure communication.
[Patent Document 1] JP 2001-298449 A

  IPsec communication is standardized as described above so that an SA can be established automatically between terminal devices, but a security policy (the IP addresses of both ends, application port numbers, security type, security level, and so on) must still be set in each terminal device in advance.

  The present invention eliminates the trouble of SP setting for each of a large number of communication partners by using the SIP protocol when calling the other party.

  The present invention is a setting method for setting a security policy in a first device and a second device, characterized in that: the first device transmits a connection call message for calling the second device via a SIP server, with the security policy setting information of the first device attached; the second device sets the security policy of the second device based on the received security policy setting information of the first device, and transmits a connection response message with the security policy setting information of the second device attached; and the first device sets the security policy of the first device based on the received security policy setting information of the second device.

  According to the present invention, it is possible to perform secure communication with a large number of communication partners.

  Hereinafter, embodiments according to the present invention will be described in detail with reference to the drawings.

  FIG. 1 is a network configuration diagram of an embodiment of the present invention. In FIG. 1, reference numeral 100 denotes the Internet, which can communicate using the IPv6 protocol. Reference numeral 101 denotes a printer connected directly or indirectly to the Internet 100, and communication using the IPv6 protocol is possible via the Internet 100. Reference numeral 102 denotes a digital still camera (hereinafter referred to as “digital camera”) that is directly or indirectly connected to the Internet 100, and can perform communication using the IPv6 protocol via the Internet 100. In this embodiment, security policies are set for the digital camera (first device) 102 and the printer (second device) 101.

  An SIP server 103 connected to the Internet 100 establishes a session for peer-to-peer communication using the IPv6 protocol between the printer 101 and the digital camera 102. That is, when the printer 101 and the digital camera 102 communicate peer-to-peer, both devices perform address registration (SIP Register) to the SIP server 103, and the digital camera 102 sends a session request (SIP Invite) as a connection call message to the printer 101. Both devices establish a session for performing peer-to-peer communication. After this session is established, both devices can perform peer-to-peer communication with the intended application. Note that SIP (Session Initiation Protocol) is defined in RFC2543.

  The SIP server 103 has a location database, which stores SIP URIs and IPv6 addresses. In this embodiment, the location database stores the SIP URI (for example, BJ001@device.oanon.com) and IPv6 address (for example, 2001:340::1) of the printer 101, and the SIP URI (for example, DC@device.oanon.com) and IPv6 address (for example, 2002:200::1) of the digital camera 102.

  Hereinafter, the flow of registering this information in the location database of the SIP server 103 will be briefly described. The SIP server 103 provides a registrar service, a location service, and a proxy service as the SIP server of the domain “device.oanon.com”. The printer 101 registers (SIP Register) the IPv6 address (2001:340::1) that was set automatically when it connected to the Internet 100, together with its own ID (BJ001), in the SIP server 103.

  Upon receiving the registration request, the SIP server 103 performs the authentication defined by SIP and accepts the registration of the printer 101. At this time, the domain (device.oanon.com) managed by the SIP server 103 is joined to the device ID (BJ001) with “@” to create the SIP URI of the device. The IPv6 address (2001:340::1) is then extracted from the registration request message (SIP Register message) sent by the printer 101 and stored in the location database together with the SIP URI just created (BJ001@device.oanon.com).

  FIG. 2 shows an example of a hardware configuration for operating a software program for realizing the functions of the printer 101 and the digital camera 102 according to this embodiment. Note that the SIP server 103 can be similarly configured.

  A computer 900 includes a CPU 901, a ROM 902, a RAM 903, a disk controller (DC) 905 for a hard disk (HD) 907 and a floppy (registered trademark) disk (FD) 908, and a network interface card (NIC) 906, which are connected so that they can communicate with one another via a system bus 904. The system bus 904 is connected to the Internet 100 and the network interface card 906 shown in FIG.

  The CPU 901 performs overall control of each component connected to the system bus 904 by executing software stored in the ROM 902 or the HD 907 or software supplied from the FD 908. That is, the CPU 901 reads out a processing program according to the processing sequence described below from the ROM 902, HD 907, or FD 908 and executes it, thereby performing control for realizing the operation in the present embodiment. The RAM 903 functions as a main memory or work area for the CPU 901. The DC 905 controls access to the HD 907 and the FD 908, which store a boot program, various applications, edit files, user files, a network management program, the processing program of the present embodiment, and the like. The NIC 906 performs mutual communication using the IP communication protocol through the Internet 100. The NIC 906 is the means for transmitting and receiving data to and from a communication partner (with or without going through SIP). The CPU 901 is the means for generating data to be transmitted by the NIC 906 and interpreting data received by the NIC 906. In addition, the CPU 901 sets the device's own security policy.

  FIG. 3 is a configuration diagram of the software modules installed in the device. The module configuration of the digital camera 102 is shown, but the printer 101 may have the same configuration.

  A SIP communication module 301 exchanges SIP messages with the SIP server 103. Reference numeral 302 denotes a message analysis module, which analyzes the SIP messages exchanged by the SIP communication module 301. Reference numeral 303 denotes a SIP UA interface. When a user of the digital camera 102 performs peer-to-peer communication with the printer 101, session establishment and application communication are started through the SIP UA interface. An SDP negotiation module 304 negotiates, in the SIP Invite process, the two sets of SDP information (the self-SDP information and the communication partner SDP information) that describe the application information for peer-to-peer communication. Reference numeral 305 denotes an SP information database, which stores the security policy setting items used in IPsec. Details regarding the SP information database will be described with reference to FIG.

  Reference numeral 306 denotes an SP creation module, which is a module for actually setting a security policy from security policy setting items stored in the SP information database 305. Reference numeral 307 denotes self-SDP information, which stores information on applications used in peer-to-peer communication by this device (digital camera 102). The SP information DB 305 and the self SDP information 307 are provided on the RAM 903 or the HD 907.

  Reference numeral 308 denotes an upper application (one or more), which is an application used in inter-device peer-to-peer communication described in the self-SDP information 307.

  The SDP negotiation module 304 negotiates SDP information in the SIP Invite process. A detailed example regarding the SDP information 307 attached to the SIP Invite related message is as follows. This example is SDP information 307 on the digital camera side that the digital camera 102 attaches to the SIP Invite message.

v=0
o=DC101 186587615 11143438870 IN IP6 2002:200::1
s=-
c=IN IP6 2002:200::1
t=0 0
m=application 46127 HTTP/TCP
k=SEC_Level require
k=SEC_Type ah & esp

  The important items are as follows. In the second line “o=”, “DC101” is the device ID and “2002:200::1” is the IP address of the digital camera 102. The same IP address also appears in “c=”. In “m=”, “46127” is the port number of the application and “HTTP/TCP” is the protocol it uses. The last two lines “k=” carry SEC_Level (security level) and SEC_Type (security type). The security type gives the protocol type used in IPsec. The types that can be specified are “esp” for encryption, “ah” for authentication, and “ah & esp” for both encryption and authentication. The security levels are “require”, which requires the use of IPsec, and “use”, which uses IPsec when there is a valid setting for it and does not use IPsec when there is none. When there are a plurality of upper applications 308, SDP information 307 is provided for each of them.

  FIG. 4 shows an example of the SP information database 305. In particular, the SP information created in the digital camera 102 when performing peer-to-peer communication from the digital camera 102 to the printer 101 is shown. Reference numeral 601 denotes a local address, which registers an IP address assigned to the digital camera 102. Reference numeral 602 denotes a local port number, which registers a port number of an application used by the digital camera 102 during peer-to-peer communication. A remote address 603 registers the IP address of the printer 101 that is a communication partner. Reference numeral 604 denotes a remote port number, which registers a port number of an application used by the printer 101 as a communication partner for peer-to-peer communication.

  A security type 605 is one of the security policy items added to the SDP information, and registers a protocol type used in IPsec. As described above, the types that can be designated are “esp” for performing encryption, “ah” for performing authentication, and “ah & esp” using both encryption and authentication.

  Reference numeral 606 denotes a security level, which is one of the security policy items added to the SDP information, and registers the IPsec usage level. As described above, the levels that can be specified are “require”, which requires the use of IPsec, and “use”, which uses IPsec when there is a valid setting for it.

  The SP information entry actually registered in the digital camera 102 is 611. This entry shows that the address of the digital camera 102 is “2002:200::1”, the port number of the application started on the digital camera 102 is “46127”, the address of the printer 101 is “2001:340::1”, the port number of the application started on the printer 101 is “80”, the security type of both devices is “ah & esp”, and the security level of both devices is “require”.

  FIG. 5 is a sequence diagram of this embodiment. In particular, a procedure for performing peer-to-peer communication from the digital camera 102 to the printer 101 will be described. Here, a setting method for setting a security policy for the digital camera (first device) 102 and the printer (second device) 101 is shown.

  Reference numeral 401 denotes the SIP Invite process and the security policy setting process that run when the digital camera 102 requests peer-to-peer communication with the printer 101. The user of the digital camera 102 starts the processing by designating, through the SIP UA interface 303, the printer 101 as the peer-to-peer communication partner and the application to be used in the peer-to-peer communication. In response to the user's request for peer-to-peer communication with the printer 101, the digital camera 102 sends, at 402, a SIP Invite message (connection call message) with the SDP information (security policy setting information) 307 attached to the printer 101 via the SIP server 103. That is, the digital camera (first device) 102 transmits a connection call message for calling the printer (second device) 101 via the SIP server 103, with the security policy setting information of the digital camera (first device) 102 attached.

  Upon receiving the SIP Invite message 402, the printer 101 starts, at 403, the SIP Invite process for establishing a peer-to-peer communication connection with the digital camera 102 and the security policy setting process. The printer 101 checks the attached SDP information 307 of the digital camera 102 and, as a result of the check, returns a 200 OK message with the SDP information (security policy setting information) of the printer 101 attached. That is, the printer (second device) 101 transmits a connection response message with the security policy setting information of the printer (second device) 101 attached. The SDP information attached to the 200 OK message will be described in detail later. The 200 OK message 404 reaches the digital camera 102 via the SIP server 103.

  The digital camera 102 that has received the 200 OK message 404 confirms the content of the message and the SDP information of the attached printer 101, and transmits an Ack message 405. After the transmission of the Ack message 405, the security policy created from the SDP information (security policy setting information) of the printer 101 that is the communication partner is set at 406. That is, the digital camera (first device) 102 sets the security policy of the digital camera (first device) 102 based on the received security policy setting information of the printer (second device) 101.

  On the other hand, in the printer 101 that has received the Ack message 405, the security policy created from the SDP information of the digital camera 102 that is the communication partner is set in 407. That is, the printer (second device) 101 sets the security policy of the printer (second device) 101 based on the received security policy setting information of the digital camera (first device) 102.

  FIG. 6 shows the template used when the security policy to be actually set is generated. Using this template, the SP creation module 306 generates the security policy to be actually set from the security policy setting items (SP information) stored in the SP information database 305. <local_addr> is the local address, and the value of 601 is set. <local_port> is the local port, and the value of 602 is set. <remote_addr> is the remote address, and the value of 603 is set. <remote_port> is the remote port, and the value of 604 is set. <sec_type> is the security type, and the value of 605 is set; <sec_level> is the security level, and the value of 606 is set. If “ah & esp” is specified for sec_type (that is, when both authentication and encryption are used), “<sec_type>/transport//<sec_level>” is set repeatedly. That is, it is written as “~ah/transport//require esp/transport//require~”.

  FIGS. 7 and 8 show the processing flow of this embodiment. In particular, the SIP Invite processing and the security policy setting processing (the processing for setting a security policy in the digital camera (first device) 102 and the printer (second device) 101) will be described.

  At 501 in FIG. 7, it is determined whether a request for peer-to-peer communication has been input by the user. That is, when the user of the digital camera 102 has designated, using the SIP UA interface 303, the printer 101 as the peer-to-peer communication partner and the application to be used for the peer-to-peer communication, the process proceeds to 503; if no request has been received from the user, the process proceeds to 502. At 502, it is determined whether a SIP Invite message has been received. That is, if the printer 101 has received the SIP Invite message 402, the process proceeds to 512; if not, the process ends and starts again from 501. The determinations at 501 and 502 thus separate the processing of the accessing terminal from that of the accessed terminal in inter-device peer-to-peer communication.

  The processing of the accessing terminal starts at 503. Reference numerals 501 and 503 to 511 denote programs executed by the CPU 901 of the digital camera 102 on the access side. At 503, based on the content of the user request received at 501, the self-SDP information containing the corresponding application information is acquired from the self-SDP information 307, and the device's own address and port number are registered in the SP information database 305. At 504, the self-SDP information (security policy setting information) acquired at 503 is attached to the SIP Invite message. At 505, the SIP Invite message (connection call message) is transmitted to the SIP server 103. That is, the digital camera (first device) 102 transmits a connection call message for calling the printer (second device) 101 via the SIP server 103, with the security policy setting information of the digital camera (first device) 102 attached. At this time, the SIP URI of the peer-to-peer communication partner is specified as the destination of the SIP Invite message. That is, for a peer-to-peer communication request from the digital camera 102 to the printer 101, the request is transmitted to the SIP URI “BJ001@device.oanon.com” of the printer 101.

  At 506, a 200 OK message, which is the reply to the SIP Invite message sent at 505, is received. The SDP information (security policy setting information) of the device that is the peer-to-peer communication partner is attached to this 200 OK message. At 507, the attached communication partner SDP information (security policy setting information) is acquired. That is, the security policy setting information of the communication partner is received. At 508, it is determined from the acquired communication partner SDP information whether the items relating to the security policy setting (the SEC_* items) have valid values. The values are valid when the security policy items of the self-SDP information attached to the SIP Invite message and the security policy items of the communication partner SDP information attached to the 200 OK message are the same. If the values are valid, the process proceeds to 509. If they are not valid, the process proceeds to 511.

  At 509, the security policy items checked at 508 and the address and port number of the communication partner, taken from the communication partner SDP information (security policy setting information), are additionally registered in the SP information entry that was registered in the SP information database 305 at 503. The registration at 503 and 509 completes the SP information entry. At 510, the security policy to be actually set in the device is therefore created from the completed SP information and set in the kernel. That is, the digital camera (first device) 102 sets the security policy of the digital camera (first device) 102 based on the received security policy setting information of the printer (second device) 101. At 511, the Ack message that is sent at the end of the SIP Invite process is transmitted to the communication partner device, and the process ends.

  On the other hand, the processing of the accessed terminal starts at 512. Reference numerals 502 and 512 to 524 denote programs executed by the CPU 901 of the digital camera 102 on the access side. When a SIP Invite message (connection call message) is received at 512 from a device requesting peer-to-peer communication, the communication partner SDP information (security policy setting information) 307 attached to that SIP Invite message is acquired at 513. That is, a connection call message with the security policy setting information of the communication partner attached is received via the SIP server.

  At 514 in FIG. 8, the acquired communication partner SDP information 307 is checked for security policy items (security type and level); if values are set, the process proceeds to 515, and if there are no values, the process proceeds to 519. If security policy items are present, they are compared with the security policy items of the self-SDP information at 515, and it is determined at 516 whether all of the values are the same. If all the security policy items are the same, the process proceeds to 517; if not, the process proceeds to 519.

  If the security policy items (security type and level) of the communication partner SDP information match the security policy items of the self-SDP information, the self-SDP information is acquired as it is at 517. Then, at 518, SP information is registered in the SP information database 305 from the communication partner SDP information and the self-SDP information. Specifically, the security policy items common to both sets of SDP information, the address and port number from the communication partner SDP information (security policy setting information), and the address and port number from the self-SDP information are registered. That is, the printer (second device) 101 registers the security policy of the printer (second device) 101 in the SP information database 305 based on the received security policy setting information of the digital camera (first device) 102. Then, the process proceeds to 520.

  On the other hand, if the security policy items (security type and level) of the communication partner SDP information do not match the security policy items of the self-SDP information, the security policy items of the self-SDP information are changed to blank at 519.

  At 520, the self-SDP information (security policy setting information) acquired at 517 or modified at 519 is attached to a 200 OK message (connection response message), and at 521 the 200 OK message is transmitted. That is, the printer (second device) 101, based on the received security policy setting information of the digital camera (first device) 102, transmits a connection response message with the security policy setting information of the printer (second device) 101 attached.

  When the Ack message is received at 522, it is determined at 523 whether SP information was created at 518. If the SP information has been created, the process proceeds to 524; if it has not been created, the process ends. At 524, the security policy to be actually set in the device is created from the created SP information and set in the kernel, and the process ends. That is, the printer (second device) 101 sets the security policy of the printer (second device) 101 based on the received security policy setting information of the digital camera (first device) 102.
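The negotiation described above, from the k=SEC_* items in the SDP through the SP information entry of FIG. 4 to the “<sec_type>/transport//<sec_level>” string of FIG. 6, as an added Python example; it is not code from the patent or from Canon. The printer's SDP, all function and class names, and the rejection of values outside the listed types and levels are assumptions, and only the repeated proposal fragment is rendered because the full FIG. 6 template is not reproduced on the page.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

# Constructed sample: the camera SDP from the text, with extraction spaces removed.
CAMERA_SDP = """v=0
o=DC101 186587615 11143438870 IN IP6 2002:200::1
s=-
c=IN IP6 2002:200::1
t=0 0
m=application 46127 HTTP/TCP
k=SEC_Level require
k=SEC_Type ah & esp
"""
# Assumption: the printer's SDP is not shown on the page. This one is built from
# the FIG. 4 entry (2001:340::1, port 80); the numbers in o= are made up.
PRINTER_SDP = """v=0
o=BJ001 100000001 100000002 IN IP6 2001:340::1
s=-
c=IN IP6 2001:340::1
t=0 0
m=application 80 HTTP/TCP
k=SEC_Level require
k=SEC_Type ah & esp
"""

VALID_TYPES = {"ah", "esp", "ah&esp"}   # security types listed in the text
VALID_LEVELS = {"require", "use"}       # security levels listed in the text


@dataclass(frozen=True)
class SdpInfo:
    addr: str
    port: int
    sec_type: Optional[str]    # None = item absent, blank or not a listed value
    sec_level: Optional[str]


@dataclass(frozen=True)
class SpEntry:
    """One row of the SP information database (items 601 to 606)."""
    local_addr: str
    local_port: int
    remote_addr: str
    remote_port: int
    sec_type: str
    sec_level: str


def parse_sdp(text: str) -> SdpInfo:
    """Extract address, port and the k=SEC_* items; the peer's SDP is untrusted input."""
    addr = port = None
    sec = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep or not value:
            continue
        if key == "c":
            # ip_address() raises ValueError for anything that is not an address
            addr = str(ipaddress.ip_address(value.split()[-1]))
        elif key == "m":
            parts = value.split()
            port = int(parts[1]) if len(parts) > 1 else None
        elif key == "k":
            name, _, val = value.partition(" ")
            sec[name] = val.replace(" ", "").lower()
    if addr is None or port is None or not 0 < port < 65536:
        raise ValueError("SDP needs a valid c= address and m= port")
    sec_type, sec_level = sec.get("SEC_Type"), sec.get("SEC_Level")
    return SdpInfo(addr, port,
                   sec_type if sec_type in VALID_TYPES else None,
                   sec_level if sec_level in VALID_LEVELS else None)


def negotiate(own: SdpInfo, peer: SdpInfo) -> Optional[SpEntry]:
    """Steps 508 and 514 to 516: both sides must carry identical security items."""
    if peer.sec_type is None or peer.sec_level is None:
        return None
    if (own.sec_type, own.sec_level) != (peer.sec_type, peer.sec_level):
        return None
    return SpEntry(own.addr, own.port, peer.addr, peer.port,
                   own.sec_type, own.sec_level)


def answer_sdp(own: SdpInfo, entry: Optional[SpEntry]) -> SdpInfo:
    """Steps 517 and 519: reply with own SDP, security items blanked on mismatch."""
    if entry is not None:
        return own
    return replace(own, sec_type=None, sec_level=None)


def ipsec_proposals(entry: SpEntry) -> str:
    """'<sec_type>/transport//<sec_level>', repeated per protocol for 'ah&esp'."""
    return " ".join(f"{proto}/transport//{entry.sec_level}"
                    for proto in entry.sec_type.split("&"))


if __name__ == "__main__":
    camera, printer = parse_sdp(CAMERA_SDP), parse_sdp(PRINTER_SDP)
    entry = negotiate(camera, printer)   # camera side, after the 200 OK arrives
    print(entry)
    print(ipsec_proposals(entry))
```

A `None` result from `negotiate()` corresponds to the branch in which no SP information is created and no policy is set in the kernel, so a caller that needs IPsec has to treat it as a failed negotiation.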

FIG. 1 is a network configuration diagram of one embodiment of the present invention.
FIG. 2 is a hardware configuration diagram of this embodiment.
FIG. 3 is a module configuration diagram of this embodiment.
FIG. 4 is a configuration diagram of the SP information database.
FIG. 5 is a sequence diagram of this embodiment.
FIG. 6 is a diagram of the template used when generating a security policy.
FIG. 7 is a processing flow diagram of this embodiment.
FIG. 8 is a processing flow diagram of this embodiment.

Explanation of symbols

101 Printer
102 Digital camera
103 SIP server

Claims (6)

  1. A setting method for setting a security policy in a first device and a second device, wherein
    the first device transmits a connection call message for calling the second device via a SIP server, with the security policy setting information of the first device attached,
    the second device sets the security policy of the second device based on the received security policy setting information of the first device, and transmits a connection response message with the security policy setting information of the second device attached, and
    the first device sets the security policy of the first device based on the received security policy setting information of the second device.
  2. A security policy setting method comprising:
    transmitting a connection call message for calling a communication partner via a SIP server, with its own security policy setting information attached;
    receiving the security policy setting information of the communication partner; and
    setting its own security policy based on the received security policy setting information of the communication partner.
  3. A security policy setting method comprising:
    receiving, via a SIP server, a connection call message with the security policy setting information of a communication partner attached;
    setting its own security policy based on the received security policy setting information of the communication partner; and
    transmitting a connection response message with its own security policy setting information attached.
  4. A program for implementing the setting method of claim 2 or 3.
  5. A communication apparatus comprising:
    transmission means for transmitting a connection call message for calling a communication partner via a SIP server, with its own security policy setting information attached;
    receiving means for receiving the security policy setting information of the communication partner; and
    setting means for setting its own security policy based on the received security policy setting information of the communication partner.
  6. A communication apparatus comprising:
    receiving means for receiving, via a SIP server, a connection call message with the security policy setting information of a communication partner attached;
    setting means for setting its own security policy based on the received security policy setting information of the communication partner; and
    transmission means for transmitting a connection response message with its own security policy setting information attached.
JP2004230802A 2004-08-06 2004-08-06 Security policy setting method Expired - Fee Related JP4101215B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2004230802A JP4101215B2 (en) 2004-08-06 2004-08-06 Security policy setting method

Publications (2)

Publication Number Publication Date
JP2006050407A (en) 2006-02-16
JP4101215B2 (en) 2008-06-18

Family

ID=36028417

Country Status (1)

Country Link
JP (1) JP4101215B2 (en)

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPWO2006087819A1 (en) * 2005-02-21 2008-07-03 富士通株式会社 Communication device
JP2008035269A (en) * 2006-07-28 2008-02-14 Canon Inc System and control method thereof, image processor, image forming apparatus, and program
US8792115B2 (en) 2006-07-28 2014-07-29 Canon Kabushiki Kaisha System and control method for securing information between image processing device and image forming device
JP2010539761A (en) * 2007-09-14 2010-12-16 テレフオンアクチーボラゲット エル エム エリクソン(パブル) Method and apparatus for handling trust in an IP multimedia subsystem communication network
US9900347B2 (en) 2007-09-14 2018-02-20 Telefonaktiebolaget Lm Ericsson (Publ) Handling trust in an IP multimedia subsystem communication network
JP2010268060A (en) * 2009-05-12 2010-11-25 Nippon Telegr & Teleph Corp <Ntt> Content acquisition method, content acquisition device, content acquisition program, and recording medium
JP2011128662A (en) * 2009-11-18 2011-06-30 Canon Inc Information processing apparatus and method of setting security thereof
US9536099B2 (en) 2009-11-18 2017-01-03 Canon Kabushiki Kaisha Information processing apparatus and method of setting security thereof
JP2014099160A (en) * 2012-09-28 2014-05-29 Avaya Inc Distributed application for enterprise policy to web real time communication (webrtc) dialog session, related method and system and computer readable medium
US10164929B2 (en) 2012-09-28 2018-12-25 Avaya Inc. Intelligent notification of requests for real-time online interaction via real-time communications and/or markup protocols, and related methods, systems, and computer-readable media
US9363133B2 (en) 2012-09-28 2016-06-07 Avaya Inc. Distributed application of enterprise policies to Web Real-Time Communications (WebRTC) interactive sessions, and related methods, systems, and computer-readable media
US9294458B2 (en) 2013-03-14 2016-03-22 Avaya Inc. Managing identity provider (IdP) identifiers for web real-time communications (WebRTC) interactive flows, and related methods, systems, and computer-readable media
US10205624B2 (en) 2013-06-07 2019-02-12 Avaya Inc. Bandwidth-efficient archiving of real-time interactive flows, and related methods, systems, and computer-readable media
US9525718B2 (en) 2013-06-30 2016-12-20 Avaya Inc. Back-to-back virtual web real-time communications (WebRTC) agents, and related methods, systems, and computer-readable media
US9614890B2 (en) 2013-07-31 2017-04-04 Avaya Inc. Acquiring and correlating web real-time communications (WEBRTC) interactive flow characteristics, and related methods, systems, and computer-readable media
US9531808B2 (en) 2013-08-22 2016-12-27 Avaya Inc. Providing data resource services within enterprise systems for resource level sharing among multiple applications, and related methods, systems, and computer-readable media
US10225212B2 (en) 2013-09-26 2019-03-05 Avaya Inc. Providing network management based on monitoring quality of service (QOS) characteristics of web real-time communications (WEBRTC) interactive flows, and related methods, systems, and computer-readable media
US10263952B2 (en) 2013-10-31 2019-04-16 Avaya Inc. Providing origin insight for web applications via session traversal utilities for network address translation (STUN) messages, and related methods, systems, and computer-readable media
US9769214B2 (en) 2013-11-05 2017-09-19 Avaya Inc. Providing reliable session initiation protocol (SIP) signaling for web real-time communications (WEBRTC) interactive flows, and related methods, systems, and computer-readable media
US10129243B2 (en) 2013-12-27 2018-11-13 Avaya Inc. Controlling access to traversal using relays around network address translation (TURN) servers using trusted single-use credentials
US10581927B2 (en) 2014-04-17 2020-03-03 Avaya Inc. Providing web real-time communications (WebRTC) media services via WebRTC-enabled media servers, and related methods, systems, and computer-readable media
US9749363B2 (en) 2014-04-17 2017-08-29 Avaya Inc. Application of enterprise policies to web real-time communications (WebRTC) interactive sessions using an enterprise session initiation protocol (SIP) engine, and related methods, systems, and computer-readable media
US9912705B2 (en) 2014-06-24 2018-03-06 Avaya Inc. Enhancing media characteristics during web real-time communications (WebRTC) interactive sessions by using session initiation protocol (SIP) endpoints, and related methods, systems, and computer-readable media

Also Published As

Publication number Publication date
JP4101215B2 (en) 2008-06-18

Similar Documents

Publication Publication Date Title
US8504822B2 (en) Transparent proxy of encrypted sessions
CN103503408B (en) system and method for providing access credentials
CN106233704B (en) Method and apparatus by Relay mode network address translation hole punching voucher are provided
EP2509278B1 (en) System and method for sip user agent identification and efficient binding
US9294519B2 (en) File server device
CA2654381C (en) Policy driven, credential delegation for single sign on and secure access to network resources
US6643701B1 (en) Method and apparatus for providing secure communication with a relay in a network
US8515078B2 (en) Mass subscriber management
KR100856674B1 (en) System and method for authenticating clients in a client-server environment
US8275989B2 (en) Method of negotiating security parameters and authenticating users interconnected to a network
JP4708376B2 (en) Method and system for securing access to a private network
JP4517578B2 (en) Peer-to-peer communication apparatus and communication method
US8095786B1 (en) Application-specific network-layer virtual private network connections
JP4405360B2 (en) Firewall system and firewall control method
US6363478B1 (en) Security mechanisms in a web server
DE60218042T2 (en) Method and system for a service process for providing a service to a customer
US7508767B2 (en) Access management method and access management server
DE602004007301T2 (en) Addressing method and apparatus for building hip connections between current and hip-able network nodes
US8191119B2 (en) Method for protecting against denial of service attacks
US8205074B2 (en) Data communication method and data communication system
CN100531155C (en) Method and system for registering and automatically retrieving digital-certificates in voice over internet protocol (voip) communications
US7742605B2 (en) Method and system for authentification of a mobile user via a gateway
KR101120695B1 (en) Efficient message routing when using server pools
JP4965574B2 (en) Port sharing among multiple processes
JP5714690B2 (en) Pluggable token provider model that enforces authentication across multiple web services

Legal Events

Date Code Title Description
A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20051212

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20070830

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20070904

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20071031

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20080311

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20080318

R150 Certificate of patent or registration of utility model

Ref document number: 4101215

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20110328

Year of fee payment: 3

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20120328

Year of fee payment: 4

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20130328

Year of fee payment: 5

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20140328

Year of fee payment: 6

LAPS Cancellation because of no payment of annual fees