JP2012533218A - 効率的鍵管理システムおよび方法 - Google Patents
効率的鍵管理システムおよび方法 Download PDFInfo
- Publication number
- JP2012533218A JP2012533218A JP2012519565A JP2012519565A JP2012533218A JP 2012533218 A JP2012533218 A JP 2012533218A JP 2012519565 A JP2012519565 A JP 2012519565A JP 2012519565 A JP2012519565 A JP 2012519565A JP 2012533218 A JP2012533218 A JP 2012533218A
- Authority
- JP
- Japan
- Prior art keywords
- key
- terminal
- key exchange
- internet
- random
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/10—Architectures or entities
- H04L65/1045—Proxies, e.g. for session initiation protocol [SIP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1101—Session protocols
- H04L65/1104—Session initiation protocol [SIP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/76—Proxy, i.e. using intermediary entity to perform cryptographic operations
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Multimedia (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
Claims (10)
- SIPにおける効率的鍵交換システムであって、
信号を送信するように構成および構築された第1の端末と、
信号を受信するように構成および構築された第2の端末と、
信号を受信し、第1の端末にランダムナンスrを送信するように構成および構築された代替端末と、
第1の端末からシグナリング層を介して第2の端末に選択的に送信される第1の鍵交換kと、
第2の端末が第1の鍵交換kを受信したときに、代替端末からメディア層を介して第1の端末に選択的に送信されるランダムナンスrと
を備える、システム。 - kおよびrから導出されたセッション鍵がsk=Fk(r)によってさらに定義され、但し、Fが擬似ランダム関数である、請求項1に記載の効率的鍵交換。
- 第1の端末および第2の端末が長期PSKを交換し、その後のSIPセッションにおいて実証可能な方法で安全なおよび効率的な鍵交換を実行する、請求項1に記載の効率的鍵交換。
- 第1の端末がランダムナンスrを受信するときに鍵導出が完了する、請求項1に記載の効率的鍵交換。
- 少なくとも1つのプロキシサーバを介して少なくとも1つの第1のデバイスから少なくとも1つの第2のデバイスにコスト効率のよい、安全な鍵交換を提供するシステムであって、
少なくとも1つのプロキシサーバを介する少なくとも1つの第1のデバイスから少なくとも1つの第2のデバイスへの第1の鍵交換と、
インターネットのメディアストリームを介する少なくとも1つの第2のデバイスから少なくとも1つの第1のデバイスへの第2の鍵交換と
を備える、システム。 - システムを動作させる方法であって、
第1のおよび第2のインターネットデバイスの経路指定識別子を提供するステップと、
ランダム鍵を生成するステップと、
第2のインターネットデバイスの経路指定識別子を使用して、プロキシサーバを介して第1のインターネットデバイスから第2のインターネットデバイスにランダム鍵を送信するステップと、
第2のインターネットデバイスを使用して、第2の鍵を生成するステップと、
インターネットのメディア層を使用して、第2のインターネットデバイスから第1のインターネットデバイスに第2の鍵を送信するステップと
を含む、方法。 - システムが効率的鍵交換を生成し、ランダム鍵がさらに鍵kによって定義され、第2の鍵がさらにナンスrによって定義され、セッション鍵がさらにsk=Fk(r)によって定義され、但しFが擬似ランダム関数である、請求項6に記載の方法。
- ナンスrが普通テキストを使用して第2のインターネットデバイスから第1のインターネットデバイスに送信される、請求項7に記載の方法。
- 通信ネットワーク内の鍵交換システムであって、
第1の電子デバイスからの問合せの少なくとも1人の関係者を識別し、通知するためのシグナリング層鍵k、および、第1の電子デバイスにデータを送信するためのメディア層ナンスrを含む、鍵セッションと、
メディア層ナンスrについてのデータを生成するように構成および構築された第2の電子デバイスと
を備える、システム。 - PSKが第1の電子デバイス内に保存され、第1の電子デバイスが、繰返しコールが起動されるときに目標変更が生じたかを判定する、請求項9に記載のシステム。
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/459,717 US9106628B2 (en) | 2009-07-07 | 2009-07-07 | Efficient key management system and method |
US12/459,717 | 2009-07-07 | ||
PCT/US2010/039647 WO2011005569A2 (en) | 2009-07-07 | 2010-06-23 | Efficient key management system and method |
Publications (1)
Publication Number | Publication Date |
---|---|
JP2012533218A true JP2012533218A (ja) | 2012-12-20 |
Family
ID=43428357
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2012519565A Pending JP2012533218A (ja) | 2009-07-07 | 2010-06-23 | 効率的鍵管理システムおよび方法 |
Country Status (6)
Country | Link |
---|---|
US (1) | US9106628B2 (ja) |
EP (1) | EP2452477B1 (ja) |
JP (1) | JP2012533218A (ja) |
KR (1) | KR101367038B1 (ja) |
CN (1) | CN102474509B (ja) |
WO (1) | WO2011005569A2 (ja) |
Families Citing this family (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
AU2008288711A1 (en) * | 2007-08-22 | 2009-02-26 | Commonwealth Scientific And Industrial Research Organisation | A system, garment and method |
GB2500720A (en) * | 2012-03-30 | 2013-10-02 | Nec Corp | Providing security information to establish secure communications over a device-to-device (D2D) communication link |
CN103685181A (zh) * | 2012-09-13 | 2014-03-26 | 北京大唐高鸿软件技术有限公司 | 一种基于srtp的密钥协商方法 |
US8898769B2 (en) | 2012-11-16 | 2014-11-25 | At&T Intellectual Property I, Lp | Methods for provisioning universal integrated circuit cards |
US8601144B1 (en) * | 2012-11-27 | 2013-12-03 | Sansay, Inc. | Systems and methods for automatic ICE relay candidate creation |
US9712320B1 (en) * | 2013-06-11 | 2017-07-18 | EMC IP Holding Company LLC | Delegatable pseudorandom functions and applications |
US9036820B2 (en) | 2013-09-11 | 2015-05-19 | At&T Intellectual Property I, Lp | System and methods for UICC-based secure communication |
US9124573B2 (en) | 2013-10-04 | 2015-09-01 | At&T Intellectual Property I, Lp | Apparatus and method for managing use of secure tokens |
US9208300B2 (en) | 2013-10-23 | 2015-12-08 | At&T Intellectual Property I, Lp | Apparatus and method for secure authentication of a communication device |
US9240994B2 (en) | 2013-10-28 | 2016-01-19 | At&T Intellectual Property I, Lp | Apparatus and method for securely managing the accessibility to content and applications |
US9240989B2 (en) | 2013-11-01 | 2016-01-19 | At&T Intellectual Property I, Lp | Apparatus and method for secure over the air programming of a communication device |
US9313660B2 (en) | 2013-11-01 | 2016-04-12 | At&T Intellectual Property I, Lp | Apparatus and method for secure provisioning of a communication device |
US9819485B2 (en) * | 2014-05-01 | 2017-11-14 | At&T Intellectual Property I, L.P. | Apparatus and method for secure delivery of data utilizing encryption key management |
US9713006B2 (en) | 2014-05-01 | 2017-07-18 | At&T Intellectual Property I, Lp | Apparatus and method for managing security domains for a universal integrated circuit card |
CN106101068B (zh) * | 2016-05-27 | 2019-06-11 | 宇龙计算机通信科技(深圳)有限公司 | 终端通信方法及系统 |
US10887293B2 (en) | 2018-03-20 | 2021-01-05 | International Business Machines Corporation | Key identifiers in an obliviousness pseudorandom function (OPRF)-based key management service (KMS) |
US10887088B2 (en) | 2018-03-20 | 2021-01-05 | International Business Machines Corporation | Virtualizing a key hierarchy using a partially-oblivious pseudorandom function (P-OPRF) |
US10841080B2 (en) | 2018-03-20 | 2020-11-17 | International Business Machines Corporation | Oblivious pseudorandom function in a key management system |
US11115206B2 (en) | 2018-08-23 | 2021-09-07 | International Business Machines Corporation | Assymetric structured key recovering using oblivious pseudorandom function |
US10924267B2 (en) | 2018-08-24 | 2021-02-16 | International Business Machines Corporation | Validating keys derived from an oblivious pseudorandom function |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003188874A (ja) * | 2001-10-11 | 2003-07-04 | Hewlett Packard Co <Hp> | 安全にデータを伝送する方法 |
JP2006042228A (ja) * | 2004-07-30 | 2006-02-09 | Fujitsu Ltd | ホームターミナル及び着信転送サービスシステム |
JP2007110705A (ja) * | 2005-09-24 | 2007-04-26 | Internatl Business Mach Corp <Ibm> | Sipシグナリングの暗号化を検証するための方法および装置 |
Family Cites Families (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5907618A (en) * | 1997-01-03 | 1999-05-25 | International Business Machines Corporation | Method and apparatus for verifiably providing key recovery information in a cryptographic system |
TW425821B (en) * | 1999-05-31 | 2001-03-11 | Ind Tech Res Inst | Key management method |
US6879690B2 (en) * | 2001-02-21 | 2005-04-12 | Nokia Corporation | Method and system for delegation of security procedures to a visited domain |
DE10137152A1 (de) * | 2001-07-30 | 2003-02-27 | Scm Microsystems Gmbh | Verfahren zur Übertragung vertraulicher Daten |
EP1320006A1 (en) * | 2001-12-12 | 2003-06-18 | Canal+ Technologies Société Anonyme | Processing data |
SG105005A1 (en) * | 2002-06-12 | 2004-07-30 | Contraves Ag | Device for firearms and firearm |
US20050195975A1 (en) * | 2003-01-21 | 2005-09-08 | Kevin Kawakita | Digital media distribution cryptography using media ticket smart cards |
US8024560B1 (en) * | 2004-10-12 | 2011-09-20 | Alten Alex I | Systems and methods for securing multimedia transmissions over the internet |
US20060182124A1 (en) * | 2005-02-15 | 2006-08-17 | Sytex, Inc. | Cipher Key Exchange Methodology |
US7783041B2 (en) * | 2005-10-03 | 2010-08-24 | Nokia Corporation | System, method and computer program product for authenticating a data agreement between network entities |
JP4622951B2 (ja) * | 2006-07-26 | 2011-02-02 | ソニー株式会社 | 通信システムおよび通信方法、情報処理装置および方法、デバイス、プログラム、並びに記録媒体 |
US8102999B2 (en) * | 2006-08-18 | 2012-01-24 | Medtronic, Inc. | Secure telemetric link |
US8108677B2 (en) * | 2006-10-19 | 2012-01-31 | Alcatel Lucent | Method and apparatus for authentication of session packets for resource and admission control functions (RACF) |
EP2482218A3 (en) * | 2006-12-05 | 2012-10-31 | Security First Corporation | Improved storage backup method using a secure data parser |
CN101330504B (zh) * | 2007-06-28 | 2011-10-26 | 中兴通讯股份有限公司 | 一种基于共享密钥的sip网络中传输层安全的实现方法 |
JP2009111437A (ja) * | 2007-10-26 | 2009-05-21 | Hitachi Ltd | ネットワークシステム |
CN101227474A (zh) * | 2008-02-01 | 2008-07-23 | 中兴通讯股份有限公司 | 软交换网络中的会话初始化协议用户鉴权方法 |
AU2009231676B2 (en) * | 2008-04-02 | 2013-10-03 | Twilio Inc. | System and method for processing telephony sessions |
JP2009296190A (ja) * | 2008-06-04 | 2009-12-17 | Panasonic Corp | 秘匿通信方法 |
-
2009
- 2009-07-07 US US12/459,717 patent/US9106628B2/en active Active
-
2010
- 2010-06-23 KR KR1020127000473A patent/KR101367038B1/ko active IP Right Grant
- 2010-06-23 CN CN201080030454.3A patent/CN102474509B/zh active Active
- 2010-06-23 WO PCT/US2010/039647 patent/WO2011005569A2/en active Application Filing
- 2010-06-23 EP EP10727633.9A patent/EP2452477B1/en active Active
- 2010-06-23 JP JP2012519565A patent/JP2012533218A/ja active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003188874A (ja) * | 2001-10-11 | 2003-07-04 | Hewlett Packard Co <Hp> | 安全にデータを伝送する方法 |
JP2006042228A (ja) * | 2004-07-30 | 2006-02-09 | Fujitsu Ltd | ホームターミナル及び着信転送サービスシステム |
JP2007110705A (ja) * | 2005-09-24 | 2007-04-26 | Internatl Business Mach Corp <Ibm> | Sipシグナリングの暗号化を検証するための方法および装置 |
Non-Patent Citations (1)
Title |
---|
JPN6013024009; Gupta, P. and Shmatikov, V.: 'Security Analysis of Voice-over-IP Protocols' 20th IEEE Computer Security Foundations Symposium , 2007, p. 49-63 * |
Also Published As
Publication number | Publication date |
---|---|
KR101367038B1 (ko) | 2014-02-24 |
WO2011005569A2 (en) | 2011-01-13 |
EP2452477B1 (en) | 2018-12-26 |
CN102474509A (zh) | 2012-05-23 |
WO2011005569A3 (en) | 2011-03-24 |
KR20120027485A (ko) | 2012-03-21 |
US20110010549A1 (en) | 2011-01-13 |
US9106628B2 (en) | 2015-08-11 |
EP2452477A2 (en) | 2012-05-16 |
CN102474509B (zh) | 2016-05-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9106628B2 (en) | Efficient key management system and method | |
JP5143125B2 (ja) | ドメイン間情報通信のための認証方法、システム、およびその装置 | |
Westerlund et al. | Options for securing RTP sessions | |
US20140351595A1 (en) | Key Management in a Communication Network | |
CN101471772A (zh) | 一种通信方法、装置和系统 | |
Wing et al. | Requirements and analysis of media security management protocols | |
Gurbani et al. | A survey and analysis of media keying techniques in the session initiation protocol (SIP) | |
US8924722B2 (en) | Apparatus, method, system and program for secure communication | |
Wu et al. | Practical authentication scheme for SIP | |
Karopoulos et al. | Complete SIP message obfuscation: PrivaSIP over Tor | |
Subashri et al. | Real time implementation of Elliptic Curve Cryptography over a open source VoIP server | |
EP2266251B1 (en) | Efficient multiparty key exchange | |
Floroiu et al. | A comparative analysis of the security aspects of the multimedia key exchange protocols | |
Cengiz | A practical key agreement scheme for videoconferencing | |
Aghila et al. | An Analysis of VoIP Secure Key Exchange Protocols Against Man-In-The-Middle Attack | |
Tao et al. | A lightweight authentication scheme for Session Initiation Protocol | |
Eliasson | Secure Internet telephony: design, implementation and performance measurements | |
Lohiya et al. | End to End Encryption Architecture for Voice over Internet Protocol | |
Hsieh | Reference Phone Number: A Secure and QoS-improved SIP-based phone system | |
Deusajute et al. | The sip security enhanced by using pairing-assisted massey-omura signcryption | |
Zisiadis et al. | VIPSec defined | |
CN101207478B (zh) | 一种跨域多网守端到端会话密钥协商方法 | |
Khalil et al. | Secured Voice Over Internet Protocol Based On Blowfish | |
Zawadzki | The VoIP communication security protocols | |
Kungpisdan et al. | Improving identity privacy and authentication in SIP transactions |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A131 | Notification of reasons for refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20130528 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20130816 |
|
A02 | Decision of refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A02 Effective date: 20130910 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20131227 |
|
A911 | Transfer to examiner for re-examination before appeal (zenchi) |
Free format text: JAPANESE INTERMEDIATE CODE: A911 Effective date: 20140109 |
|
A912 | Re-examination (zenchi) completed and case transferred to appeal board |
Free format text: JAPANESE INTERMEDIATE CODE: A912 Effective date: 20140328 |