US20150089220A1 - Technique For Bypassing an IP PBX - Google Patents
Technique For Bypassing an IP PBX Download PDFInfo
- Publication number
- US20150089220A1 US20150089220A1 US14/034,552 US201314034552A US2015089220A1 US 20150089220 A1 US20150089220 A1 US 20150089220A1 US 201314034552 A US201314034552 A US 201314034552A US 2015089220 A1 US2015089220 A1 US 2015089220A1
- Authority
- US
- United States
- Prior art keywords
- server
- data packet
- public key
- address
- secure hash
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
- 238000000034 method Methods 0.000 title claims abstract description 46
- 238000004891 communication Methods 0.000 claims abstract description 55
- 230000000977 initiatory effect Effects 0.000 claims description 10
- 239000007787 solid Substances 0.000 claims 1
- 238000010586 diagram Methods 0.000 description 8
- 230000001010 compromised effect Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 230000008520 organization Effects 0.000 description 2
- HBBGRARXTFLTSG-UHFFFAOYSA-N Lithium ion Chemical compound [Li+] HBBGRARXTFLTSG-UHFFFAOYSA-N 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000009545 invasion Effects 0.000 description 1
- 229910001416 lithium ion Inorganic materials 0.000 description 1
- 241000238565 lobster Species 0.000 description 1
- 230000033001 locomotion Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000002085 persistent effect Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1408—Protection against unauthorised use of memory or access to memory by using cryptography
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/10—Architectures or entities
- H04L65/1053—IP private branch exchange [PBX] functionality entities or arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1069—Session establishment or de-establishment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3252—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0431—Key distribution or pre-distribution; Key agreement
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
- H04W12/082—Access security using revocation of authorisation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/24—Key scheduling, i.e. generating round keys or sub-keys for block encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
Definitions
- the present invention relates to a technique for bypassing an Internet Protocol PBX (Internet Protocol Private Branch Exchange) to achieve greater security.
- PBX Internet Protocol Private Branch Exchange
- a VoIP (Voice over Internet Protocol) telephone system includes one or more phones (e.g., SIP phones, VoIP phones, soft phones) that are coupled to an IP PBX (Internet Protocol Private Branch Exchange).
- IP PBX Internet Protocol Private Branch Exchange
- the IP PBX delivers voice over a data network and is usually interoperable with the Public Switched Telephone Network (PSTN).
- PSTN Public Switched Telephone Network
- Clients register with the IP PBX, and when a call is made, a request is sent to the IP PBX to establish the connection.
- the PBX includes a location register with information relating to all phones/users registered with the IP PBX.
- the IP PBX uses the corresponding caller IP address from the location register to connect via either a VoIP service provider or a VoIP gateway (for calls over the PSTN).
- a method for establishing communication via a VoIP network that bypasses the IP PBX component conventionally used to obtain address information is provided. Instead of obtaining the IP address from a location register of the IP PBX, the method involves use of a secure server configured to assign and provide to the caller's communication device a unique address (IP address/port) of a proxy. The caller's device then sends a Short Message Service (SMS) text message to the callee's device with the assigned address of the proxy.
- SMS Short Message Service
- the caller and the callee connect at the assigned address of the proxy, thereby forming a communication path.
- the devices operated by the parties are conventional smart phones.
- the initiation request sent to the server includes an authentication token.
- the address of the proxy is received from the server, responsive to the initiation request, only if the server, using the authentication token, authenticates the device operated by the first party.
- the message further includes an authentication token.
- the connection with the second party at the address of the proxy occurs only if, using the authentication token, the device operated by the second party authenticates the device operated by the first party.
- the method further comprises the steps of determining whether to encrypt the communication; and encrypting the communication, if it is determined that the communication is to be encrypted.
- encrypting the communication includes negotiating an encryption scheme to use.
- encrypting the communication includes encrypting data packets using the Station-to-Station (STS) protocol.
- STS Station-to-Station
- FIG. 1 shows an exemplary diagram of a VoIP system wherein communication is accomplished using a technique for bypassing an IP PBX;
- FIG. 2 shows a sequence diagram illustrating an example of the technique for bypassing an IP PBX
- FIG. 3 shows a flow chart illustrating a technique for encrypting data packets to ensure confidential communication
- FIG. 4 shows an exemplary diagram of a VoIP system wherein group communication is accomplished using the technique for bypassing an IP PBX;
- FIG. 5 shows a block diagram of an exemplary communication device useable in conjunction with the present invention.
- FIG. 1 shows an exemplary diagram of a VoIP system wherein communication is accomplished using a technique for bypassing an IP PBX.
- a first party referred to herein as “Alice”
- a communication device 200 such as a smart phone
- Bob a second party
- an IP PBX such as the IP PBX 128
- the IP PBX 128 would use the corresponding caller IP address from the location register to connect via either a VoIP service provider or the VoIP gateway 127 (for calls over the PSTN 160 ).
- the present invention allows the communication device 200 of Alice to bypass the IP PBX 128 to establish communication with the communication device 200 of Bob.
- communication is accomplished using a technique in which a Secure Server 130 acts as a “match maker” between the communication devices 200 . More particularly, the Secure Server 130 arranges for a proxy server 135 to be available at which both the parties can rendezvous. Because both the first party and the second party will be connected to the same IP address and port (of the proxy server 135 ), a communication path can be established between them.
- FIGS. 1 and 2 show only two parties engaging in communication, it is to be understood that a VoIP system of the sort useable in conjunction with the present invention would be able to accommodate many more users concurrently. Additionally, it is to be understood that while only one IP PBX is shown, the network would include many more. Furthermore, it is to be understood that although the present discussion relates to examples of voice communication, other modes of packet-based communication (e.g., video, text) could also be supported.
- FIG. 2 shows a sequence diagram illustrating an example of the technique for bypassing an IP PBX.
- Alice's communication device 200 sends a request to the Secure Server 130 to initiate secure communication.
- Alice is provided by the Secure Server 130 with an IP address and a port where it has made a proxy 135 available that listens for incoming voice connections.
- Alice's communication device 200 connects to the provided IP address and port.
- Alice sends an SMS message containing the IP address and port of the proxy that was provided to it by the Voice Server, and an authentication token, to Bob.
- Bob authenticates Alice then proceeds to connect to the proxy's IP address and port. Because both Alice and Bob are now connected to the same IP address and port, a communication path can be established between Alice and Bob.
- this technique does not require (persistent) storage of the IP address of the communication device 200 of either party on any component of the network. Moreover, Alice never obtains the IP address of Bob, and the Bob never obtains the IP address of Alice. Furthermore, if the Secure Server 130 itself is compromised, the only information available would be the IP addresses of the current users of the server. In any case, once it is determined that the Secure Server 130 has been compromised, any identifying information will be automatically flushed. Because the Secure Server 130 does not require a location register, it does not have information as to every user of the system. Moreover, interrogation of any of the communication devices would not yield the IP addresses of persons for whom calls were made. This is accomplished because the technique described herein does not require the IP address of the other party.
- Alice and Bob can, optionally, choose to have their voice communication encrypted.
- the encryption scheme described herein is based upon the Station-to-Station (STS) protocol. See, Diffie, W.; van Oorschot, P. C.; Wiener, M. J. (1992), “Authentication and Authenticated Key Exchanges”, Designs, Codes and Cryptography, which is incorporated by reference. However, it is to be appreciated that other suitable encryption schemes can be used. Furthermore, it is to be understood that the parties can negotiate a mutually agreeable scheme during the initial handshake.
- step 1 Alice generates a random elliptic curve key pair X and sends the public coordinate Xpub to Bob.
- Bob generates a random elliptic curve key pair Y.
- FIG. 4 shows an exemplary diagram of a VoIP system wherein group communication is accomplished using the technique for bypassing an IP PBX.
- a group call between Alice, Bob, and Chris is made by each of the parties rendezvousing at the same address/port of the proxy 135 .
- Alice (assuming Alice is the one initiating the group call) would contact the Secure Server 130 to obtain the address/port of the proxy 135 .
- Alice in addition to sending an SMS message to Bob, Alice could also send the SMS message to Chris.
- Bob could forward an SMS message to Chris once he has received the address information from Alice.
- each of the parties would “meet” at the proxy 135 to engage in group communication.
- FIG. 5 shows a block diagram of an exemplary communication device 200 useable in conjunction with the present invention.
- the communication device 200 is a smart phone capable of wirelessly sending and receiving voice data packets via a wireless communication network (e.g., a cellular network) for voice communication, and which supports SMS text messaging and allows Internet access.
- the communication device 200 includes a communication interface 201 , a processor 203 , a memory 205 (including an application 506 stored therein), a power supply 207 (e.g., a lithium-ion battery), and an input/output 209 (e.g., one or more USB ports, a QWERTY keyboard/touch screen equivalent).
- a wireless communication network e.g., a cellular network
- the communication device 200 includes a communication interface 201 , a processor 203 , a memory 205 (including an application 506 stored therein), a power supply 207 (e.g., a lithium-ion battery), and an input/output 209 (e.
- Representative communication devices 200 useable in conjunction with the present invention include the BLACKBERRY line of smart phones by Research In Motion, Ltd, of Waterloo, Ontario; the iPHONE smart phones by Apple Computer, Inc., of Cupertino, Calif.; the DROID, RIZR Z8, RIZR Z10, Q9c smart phones by Motorola, Inc., of Schaumburg, Ill.; the Palm line of smart phones, by Palm, Inc., of Sunnyvale, Calif.; the E51, E71, E72, E90 COMMUNICATOR, N82, N95, and N96 smart phones by Nokia Corporation, of Espoo, Finland; the TOUCHPRO, TYTN, and TYTN II smart phones by HTC Corporation, of Taiwan; the GLOFISH X500 smart phone by E-TEN Information Systems Co., Ltd., of Taiwan; the CT810 INCITE by LG Corporation, of Seoul, South Korea; the BLACKJACK, OMNIA, SCH-1730, SCH-1760, and SCH-1900 smart phones by Samsung Group, of Seoul, South
- a notable feature of the present invention is that readily available “smart phone” devices can be used to ensure end-to-end encryption for secure transmission of classified information.
- NSA National Security Agency
- Type 1 wireless communications devices are generally large, bulky, easily recognized and limited as to the particular wireless networks in which they can operate.
- NSA Type 1 devices are expensive, non-discreet, and incompatible with the rapidly changing mobile handset market.
- the encryption scheme used herein is based on the peer-to-peer model.
- the present system can provide security at a very high level (including the secure transmission of classified information) but does not require any special purpose user communication devices.
- a user of the system is to have a smart phone that has loaded in its memory 205 software capable of (for initiating a call) establishing an authenticated session with the Secure Server 130 , negotiating with the Secure Server 130 regarding the rendezvous point, relaying this information to the callee via an SMS message, and performing the peer-to-peer encryption in conjunction with the other party's communication device; and (for receiving the call) receiving the SMS message, connecting with the caller at the rendezvous point, and performing the necessary steps of the encryption process.
- Alice and Bob may need to identify and authenticate themselves to the server. It is assumed that Alice and Bob are already aware of each other's existence; likewise both are aware that the server exists.
- Alice wants to communicate with Bob Alice must first associate with the server. Alice will encrypt its data message with Bob's public key to form an encrypted data packet with the data message appended with Bob's public key. Next, Alice appends the data packet with Bob's address.
- Alice uses a unique secure hash of Bob's public key—instead of using Bob's IP address, name, or other identifying feature.
- the authentication process Prior to sending the appended data packet (including the encrypted data packet with the data message and the unique secure hash of Bob's public key) to the server, Alice must first authenticate itself with the server.
- the authentication process is intended to prevent malicious use and serves as a means of positively identifying Alice and confirming that Alice is authorized to use the server.
- the authentication process includes the server challenging Alice to sign a unique NONCE (number only used once) chosen by the server with Alice's private key.
- the server uses Alice's public key to validate the signature of the chosen NONCE as coming from Alice's private key to positively confirm Alice's identity.
- Alice then sends the last appended data packet (including the encrypted data packet with the data message and the unique secure hash of Bob's public key) to the server.
- the server receives the appended data packet and stores it in the server's memory.
- the server is unable to open the encrypted appended data packet and is only able to read the unique secure hash of Bob's public key.
- the server sets the appended data packet in memory and at this point may not know who Bob is.
- Bob connects to the server and provides the unique secure hash of Bob's public key.
- the server requires Bob to positively identify and “sign” for the data packet.
- This authentication process includes the server challenging Bob to sign a unique NONCE (number only used once) chosen by the server with Bob's private key.
- the server uses Bob's public key to validate the signature on the chosen NONCE as coming from Bob's private key to positively confirm Bob's identity. Having positively confirmed Bob's identity, the server delivers all of the data packets with the unique secure hash of Bob's public key to Bob.
- Bob is able to decrypt the data packets using its private key and read the message.
- the use of the secure hash of the device's public key is beneficial compared to using a device's complete certificate because the secure hash of the device's public key requires less bandwidth to send across communication networks.
- a secure hash of the device's public key e.g. based on the SHA-256 algorithm
- the full certificate e.g. based on the X.509 standard
- the secure hash of the device's public key may be similarly as unique as the certificate, and hence just as secure.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Multimedia (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- General Business, Economics & Management (AREA)
- Business, Economics & Management (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
- The present application is related to and claims priority from prior pending application Ser. No. 12/916,522 filed Oct. 30, 2010, the contents of which are incorporated herein by reference.
- The present invention relates to a technique for bypassing an Internet Protocol PBX (Internet Protocol Private Branch Exchange) to achieve greater security.
- Conventionally, a VoIP (Voice over Internet Protocol) telephone system includes one or more phones (e.g., SIP phones, VoIP phones, soft phones) that are coupled to an IP PBX (Internet Protocol Private Branch Exchange). The IP PBX delivers voice over a data network and is usually interoperable with the Public Switched Telephone Network (PSTN). Clients register with the IP PBX, and when a call is made, a request is sent to the IP PBX to establish the connection. The PBX includes a location register with information relating to all phones/users registered with the IP PBX. When a call is initiated, the IP PBX uses the corresponding caller IP address from the location register to connect via either a VoIP service provider or a VoIP gateway (for calls over the PSTN).
- However, this conventional approach to VoIP is not very secure. In particular, it is possible for the IP PBX to be compromised. For example, an adversary might get a hold of the IP PBX server, and obtain useful information to identify persons using the system. Where the IP PBX is used for a particular purpose, such information could be used to determine who is using it for this purpose. Furthermore, if the IP PBX is used by a particular organization, the adversary could draw a connection between the individuals who were identified and the organization. Where persons are operating clandestinely, such a security breach could have severe consequences.
- A method for establishing communication via a VoIP network that bypasses the IP PBX component conventionally used to obtain address information is provided. Instead of obtaining the IP address from a location register of the IP PBX, the method involves use of a secure server configured to assign and provide to the caller's communication device a unique address (IP address/port) of a proxy. The caller's device then sends a Short Message Service (SMS) text message to the callee's device with the assigned address of the proxy.
- Thereafter, the caller and the callee connect at the assigned address of the proxy, thereby forming a communication path. Preferably, the devices operated by the parties are conventional smart phones.
- Preferably, the initiation request sent to the server includes an authentication token. Preferably, the address of the proxy is received from the server, responsive to the initiation request, only if the server, using the authentication token, authenticates the device operated by the first party.
- Preferably, the message further includes an authentication token. Preferably, the connection with the second party at the address of the proxy occurs only if, using the authentication token, the device operated by the second party authenticates the device operated by the first party.
- According to the preferred embodiment of the present invention, the method further comprises the steps of determining whether to encrypt the communication; and encrypting the communication, if it is determined that the communication is to be encrypted. Preferably, encrypting the communication includes negotiating an encryption scheme to use. Preferably, encrypting the communication includes encrypting data packets using the Station-to-Station (STS) protocol.
- These and other aspects, features, and advantages of the present invention will become apparent from the following detailed description of preferred embodiments, which is to be read in connection with the accompanying drawings.
-
FIG. 1 shows an exemplary diagram of a VoIP system wherein communication is accomplished using a technique for bypassing an IP PBX; -
FIG. 2 shows a sequence diagram illustrating an example of the technique for bypassing an IP PBX; -
FIG. 3 shows a flow chart illustrating a technique for encrypting data packets to ensure confidential communication; -
FIG. 4 shows an exemplary diagram of a VoIP system wherein group communication is accomplished using the technique for bypassing an IP PBX; and -
FIG. 5 shows a block diagram of an exemplary communication device useable in conjunction with the present invention. -
FIG. 1 shows an exemplary diagram of a VoIP system wherein communication is accomplished using a technique for bypassing an IP PBX. As depicted inFIG. 1 , a first party, referred to herein as “Alice”, uses acommunication device 200, such as a smart phone, to establish communication with a second party, referred to herein as “Bob”, having a similarsuch communication device 200. As is known in the art, an IP PBX such as theIP PBX 128, includes a location register with information relating to all phones/users registered with theIP PBX 128. Conventionally, when a call is initiated, theIP PBX 128 would use the corresponding caller IP address from the location register to connect via either a VoIP service provider or the VoIP gateway 127 (for calls over the PSTN 160). As will be described in greater detail, the present invention allows thecommunication device 200 of Alice to bypass theIP PBX 128 to establish communication with thecommunication device 200 of Bob. - According to the systems and methods of the present invention, communication is accomplished using a technique in which a Secure
Server 130 acts as a “match maker” between thecommunication devices 200. More particularly, the SecureServer 130 arranges for aproxy server 135 to be available at which both the parties can rendezvous. Because both the first party and the second party will be connected to the same IP address and port (of the proxy server 135), a communication path can be established between them. - It is to be understood that the exemplary VoIP system shown in the drawings and described herein is provided for illustrative purposes, and is not meant to be limiting. For example, while
FIGS. 1 and 2 show only two parties engaging in communication, it is to be understood that a VoIP system of the sort useable in conjunction with the present invention would be able to accommodate many more users concurrently. Additionally, it is to be understood that while only one IP PBX is shown, the network would include many more. Furthermore, it is to be understood that although the present discussion relates to examples of voice communication, other modes of packet-based communication (e.g., video, text) could also be supported. -
FIG. 2 shows a sequence diagram illustrating an example of the technique for bypassing an IP PBX. As shown inFIG. 2 , initially, (step 1) Alice'scommunication device 200 sends a request to the SecureServer 130 to initiate secure communication. Then, (step 2) after Alice is authenticated by the SecureServer 130, Alice is provided by the SecureServer 130 with an IP address and a port where it has made aproxy 135 available that listens for incoming voice connections. Then, (step 3) Alice'scommunication device 200 connects to the provided IP address and port. Next, (step 4) Alice sends an SMS message containing the IP address and port of the proxy that was provided to it by the Voice Server, and an authentication token, to Bob. Finally, (step 5) using the authentication token, Bob authenticates Alice then proceeds to connect to the proxy's IP address and port. Because both Alice and Bob are now connected to the same IP address and port, a communication path can be established between Alice and Bob. - Advantageously, this technique does not require (persistent) storage of the IP address of the
communication device 200 of either party on any component of the network. Moreover, Alice never obtains the IP address of Bob, and the Bob never obtains the IP address of Alice. Furthermore, if the SecureServer 130 itself is compromised, the only information available would be the IP addresses of the current users of the server. In any case, once it is determined that the SecureServer 130 has been compromised, any identifying information will be automatically flushed. Because the SecureServer 130 does not require a location register, it does not have information as to every user of the system. Moreover, interrogation of any of the communication devices would not yield the IP addresses of persons for whom calls were made. This is accomplished because the technique described herein does not require the IP address of the other party. - Continuing with the example, with reference to
FIG. 3 , Alice and Bob can, optionally, choose to have their voice communication encrypted. - The encryption scheme described herein is based upon the Station-to-Station (STS) protocol. See, Diffie, W.; van Oorschot, P. C.; Wiener, M. J. (1992), “Authentication and Authenticated Key Exchanges”, Designs, Codes and Cryptography, which is incorporated by reference. However, it is to be appreciated that other suitable encryption schemes can be used. Furthermore, it is to be understood that the parties can negotiate a mutually agreeable scheme during the initial handshake.
- The following steps describe the STS protocol using Elliptic Curve cryptography and make the assumption that both sides already know each others' public keys. If a step fails, the protocol stops immediately. Initially, (step 1) Alice generates a random elliptic curve key pair X and sends the public coordinate Xpub to Bob. Next, (step 2) Bob generates a random elliptic curve key pair Y. Then, (step 3) Bob computes the shared secret key K using the Elliptic Curve Diffie-Hellman algorithm with parameters Xpub and Yprivate such that K=ECDH(Xpub, Yprivate). Next, (step 4) Bob concatenates the public keys (Ypub, Xpub) (order is important), signs them using his elliptic curve device-specific key Bprivate, and then encrypts them with K. He sends the ciphertext along with his own public coordinate Ypub to Alice. Then, (step 5) Alice computes the shared secret key K=ECDH(Ypub, Xprivate) Next, (step 6) Alice decrypts and verifies Bob's signature using Bpublic. Then, (step 7) Alice concatenates the exponentials (Xpub, Ypub) (order is important), signs them using her asymmetric key Aprivate and then encrypts them with K. She sends the ciphertext to Bob. Finally, (step 8) Bob decrypts and verifies Alice's signature using Apublic. Alice and Bob are now mutually authenticated and have a shared secret. This secret, K, can then be used to encrypt further communication.
-
FIG. 4 shows an exemplary diagram of a VoIP system wherein group communication is accomplished using the technique for bypassing an IP PBX. As illustrated inFIG. 4 , a group call between Alice, Bob, and Chris is made by each of the parties rendezvousing at the same address/port of theproxy 135. As with the example provided above, Alice (assuming Alice is the one initiating the group call) would contact theSecure Server 130 to obtain the address/port of theproxy 135. In the case of the group call, in addition to sending an SMS message to Bob, Alice could also send the SMS message to Chris. Alternatively, Bob could forward an SMS message to Chris once he has received the address information from Alice. In either case, each of the parties would “meet” at theproxy 135 to engage in group communication. -
FIG. 5 shows a block diagram of anexemplary communication device 200 useable in conjunction with the present invention. Preferably, thecommunication device 200 is a smart phone capable of wirelessly sending and receiving voice data packets via a wireless communication network (e.g., a cellular network) for voice communication, and which supports SMS text messaging and allows Internet access. As depicted, thecommunication device 200 includes acommunication interface 201, aprocessor 203, a memory 205 (including anapplication 506 stored therein), a power supply 207 (e.g., a lithium-ion battery), and an input/output 209 (e.g., one or more USB ports, a QWERTY keyboard/touch screen equivalent). - Representative communication devices 200 useable in conjunction with the present invention include the BLACKBERRY line of smart phones by Research In Motion, Ltd, of Waterloo, Ontario; the iPHONE smart phones by Apple Computer, Inc., of Cupertino, Calif.; the DROID, RIZR Z8, RIZR Z10, Q9c smart phones by Motorola, Inc., of Schaumburg, Ill.; the Palm line of smart phones, by Palm, Inc., of Sunnyvale, Calif.; the E51, E71, E72, E90 COMMUNICATOR, N82, N95, and N96 smart phones by Nokia Corporation, of Espoo, Finland; the TOUCHPRO, TYTN, and TYTN II smart phones by HTC Corporation, of Taiwan; the GLOFISH X500 smart phone by E-TEN Information Systems Co., Ltd., of Taiwan; the CT810 INCITE by LG Corporation, of Seoul, South Korea; the BLACKJACK, OMNIA, SCH-1730, SCH-1760, and SCH-1900 smart phones by Samsung Group, of Seoul, South Korea; the LOBSTER 700TV smart phone/TV by Virgin Mobile, PLC, of London, United Kingdom; the IPAQ smart phone by Hewlett-Packard Company, of Palo Alto, Calif.; the PORTEGE G900 smart phone by Toshiba Corporation, of Tokyo, Japan; and the P990, W95oI, W960I, and X1 smart phones by Sony Ericsson, of London, United Kingdom.
- A notable feature of the present invention is that readily available “smart phone” devices can be used to ensure end-to-end encryption for secure transmission of classified information. Traditionally, National Security Agency (NSA)
Type 1 devices were used for such purposes. However,such NSA Type 1 wireless communications devices are generally large, bulky, easily recognized and limited as to the particular wireless networks in which they can operate. - Additionally,
NSA Type 1 devices are expensive, non-discreet, and incompatible with the rapidly changing mobile handset market. The encryption scheme used herein is based on the peer-to-peer model. Advantageously, the present system can provide security at a very high level (including the secure transmission of classified information) but does not require any special purpose user communication devices. The only requirement is for a user of the system is to have a smart phone that has loaded in itsmemory 205 software capable of (for initiating a call) establishing an authenticated session with theSecure Server 130, negotiating with theSecure Server 130 regarding the rendezvous point, relaying this information to the callee via an SMS message, and performing the peer-to-peer encryption in conjunction with the other party's communication device; and (for receiving the call) receiving the SMS message, connecting with the caller at the rendezvous point, and performing the necessary steps of the encryption process. - With respect to the embodiments of the invention, Alice and Bob may need to identify and authenticate themselves to the server. It is assumed that Alice and Bob are already aware of each other's existence; likewise both are aware that the server exists. When Alice wants to communicate with Bob, Alice must first associate with the server. Alice will encrypt its data message with Bob's public key to form an encrypted data packet with the data message appended with Bob's public key. Next, Alice appends the data packet with Bob's address. However in order to maintain anonymity and secure Bob's identity, Alice uses a unique secure hash of Bob's public key—instead of using Bob's IP address, name, or other identifying feature.
- Prior to sending the appended data packet (including the encrypted data packet with the data message and the unique secure hash of Bob's public key) to the server, Alice must first authenticate itself with the server. The authentication process is intended to prevent malicious use and serves as a means of positively identifying Alice and confirming that Alice is authorized to use the server. The authentication process includes the server challenging Alice to sign a unique NONCE (number only used once) chosen by the server with Alice's private key. The server then uses Alice's public key to validate the signature of the chosen NONCE as coming from Alice's private key to positively confirm Alice's identity.
- Alice then sends the last appended data packet (including the encrypted data packet with the data message and the unique secure hash of Bob's public key) to the server. The server receives the appended data packet and stores it in the server's memory. The server is unable to open the encrypted appended data packet and is only able to read the unique secure hash of Bob's public key. The server sets the appended data packet in memory and at this point may not know who Bob is.
- At a later time, Bob connects to the server and provides the unique secure hash of Bob's public key. In order to prevent malicious invasions and unauthorized access to the appended data packet, the server requires Bob to positively identify and “sign” for the data packet. This authentication process includes the server challenging Bob to sign a unique NONCE (number only used once) chosen by the server with Bob's private key. The server then uses Bob's public key to validate the signature on the chosen NONCE as coming from Bob's private key to positively confirm Bob's identity. Having positively confirmed Bob's identity, the server delivers all of the data packets with the unique secure hash of Bob's public key to Bob. Bob is able to decrypt the data packets using its private key and read the message.
- The use of the secure hash of the device's public key is beneficial compared to using a device's complete certificate because the secure hash of the device's public key requires less bandwidth to send across communication networks. For example a secure hash of the device's public key (e.g. based on the SHA-256 algorithm) may have a file size on the order of 32 Bytes. In comparison, the full certificate (e.g. based on the X.509 standard) can have a file size on the order of several hundreds of kilobytes. In addition, the secure hash of the device's public key may be similarly as unique as the certificate, and hence just as secure.
- While this invention has been described in conjunction with the various exemplary embodiments outlined above, it is evident that many alternatives, modifications and variations will be apparent to those skilled in the art. Accordingly, the exemplary embodiments of the invention, as set forth above, are intended to be illustrative, not limiting. Various changes may be made without departing from the spirit scope, of the invention.
Claims (33)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/034,552 US20150089220A1 (en) | 2009-10-31 | 2013-09-24 | Technique For Bypassing an IP PBX |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US25698109P | 2009-10-31 | 2009-10-31 | |
US33180210P | 2010-05-05 | 2010-05-05 | |
US12/916,522 US8588746B2 (en) | 2009-10-31 | 2010-10-30 | Technique for bypassing an IP PBX |
US14/034,552 US20150089220A1 (en) | 2009-10-31 | 2013-09-24 | Technique For Bypassing an IP PBX |
Publications (1)
Publication Number | Publication Date |
---|---|
US20150089220A1 true US20150089220A1 (en) | 2015-03-26 |
Family
ID=44069271
Family Applications (5)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/916,522 Active - Reinstated 2031-10-23 US8588746B2 (en) | 2009-10-31 | 2010-10-30 | Technique for bypassing an IP PBX |
US12/916,535 Active - Reinstated 2031-06-02 US8392699B2 (en) | 2009-10-31 | 2010-10-30 | Secure communication system for mobile devices |
US13/657,872 Active - Reinstated US8996861B1 (en) | 2009-10-31 | 2012-10-23 | Secure communications system for mobile devices |
US14/034,552 Abandoned US20150089220A1 (en) | 2009-10-31 | 2013-09-24 | Technique For Bypassing an IP PBX |
US14/672,085 Active 2031-02-10 US9654448B2 (en) | 2009-10-31 | 2015-03-27 | Secure communication system for mobile devices |
Family Applications Before (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/916,522 Active - Reinstated 2031-10-23 US8588746B2 (en) | 2009-10-31 | 2010-10-30 | Technique for bypassing an IP PBX |
US12/916,535 Active - Reinstated 2031-06-02 US8392699B2 (en) | 2009-10-31 | 2010-10-30 | Secure communication system for mobile devices |
US13/657,872 Active - Reinstated US8996861B1 (en) | 2009-10-31 | 2012-10-23 | Secure communications system for mobile devices |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/672,085 Active 2031-02-10 US9654448B2 (en) | 2009-10-31 | 2015-03-27 | Secure communication system for mobile devices |
Country Status (1)
Country | Link |
---|---|
US (5) | US8588746B2 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170163616A1 (en) * | 2015-12-07 | 2017-06-08 | Mcafee, Inc. | System, apparatus and method for providing privacy preserving interaction with a computing system |
US20180302787A1 (en) * | 2017-04-13 | 2018-10-18 | Synchronoss Technologies, Inc. | Systems and methods for securely provisioning hypertext transfer protocol secure (https) pins to a mobile client |
US20220014514A1 (en) * | 2018-11-14 | 2022-01-13 | Connectfree Corporation | Information processing method, information processing program, information processing device, and information processing system |
Families Citing this family (58)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008146328A1 (en) * | 2007-05-25 | 2008-12-04 | Sony Computer Entertainment Inc. | Server system, communication method, computer, program and recording medium |
US8782151B2 (en) * | 2008-12-19 | 2014-07-15 | PrivateTree, LLC | Systems and methods for facilitating relationship management |
US9178858B1 (en) * | 2009-08-05 | 2015-11-03 | West Corporation | Method and system for message delivery security validation |
US8588746B2 (en) * | 2009-10-31 | 2013-11-19 | SAIFE Technologies Incorporated | Technique for bypassing an IP PBX |
US20110117883A1 (en) * | 2009-11-19 | 2011-05-19 | David Drabo | Encrypted text messaging system and method therefor |
WO2011130274A2 (en) * | 2010-04-13 | 2011-10-20 | Cornell University | Private overlay for information networks |
US9253168B2 (en) | 2012-04-26 | 2016-02-02 | Fitbit, Inc. | Secure pairing of devices via pairing facilitator-intermediary device |
WO2012065112A2 (en) | 2010-11-12 | 2012-05-18 | Apple Inc. | Apparatus and methods for recordation of device history across multiple software emulations |
US20140047231A1 (en) * | 2011-03-08 | 2014-02-13 | Cummings Engineering Consultants Incorporated | Secure Sub-Joined Computing Device |
EP2742463A4 (en) * | 2011-08-08 | 2015-04-15 | Mikoh Corp | Radio frequency identification technology incorporating cryptographics |
US9329810B2 (en) * | 2011-12-22 | 2016-05-03 | Xerox Corporation | Secure federation of cloud print services |
US9245143B2 (en) | 2012-02-09 | 2016-01-26 | Microsoft Technology Licensing, Llc | Security policy for device data |
US20140122879A1 (en) * | 2012-03-07 | 2014-05-01 | Darren Cummings | Secure computing system |
US8707454B1 (en) | 2012-07-16 | 2014-04-22 | Wickr Inc. | Multi party messaging |
US8700019B2 (en) | 2012-08-27 | 2014-04-15 | Avaya Inc. | Method and apparatus for dynamic device pairing |
US8996061B2 (en) | 2012-09-21 | 2015-03-31 | Bae Systems Information And Electronic Systems Integration Inc. | Bridging communications between tactical SDR and cellular telephone networks |
GB2513752B (en) | 2012-09-26 | 2015-06-10 | Starleaf Ltd | A server, a telecommunication device and a telecommunication network |
CN103020504B (en) * | 2012-12-03 | 2015-09-23 | 鹤山世达光电科技有限公司 | Based on picture management system and the picture management method of finger print identifying |
US9882713B1 (en) | 2013-01-30 | 2018-01-30 | vIPtela Inc. | Method and system for key generation, distribution and management |
US9959385B2 (en) * | 2013-02-15 | 2018-05-01 | Davincian Healthcare, Inc. | Messaging within a multi-access health care provider portal |
US11354623B2 (en) | 2013-02-15 | 2022-06-07 | Dav Acquisition Corp. | Remotely diagnosing conditions and providing prescriptions using a multi-access health care provider portal |
US9830089B1 (en) | 2013-06-25 | 2017-11-28 | Wickr Inc. | Digital data sanitization |
US10567349B2 (en) | 2013-06-25 | 2020-02-18 | Wickr Inc. | Secure time-to-live |
US10129260B1 (en) | 2013-06-25 | 2018-11-13 | Wickr Inc. | Mutual privacy management |
US9866591B1 (en) | 2013-06-25 | 2018-01-09 | Wickr Inc. | Enterprise messaging platform |
US10142254B1 (en) | 2013-09-16 | 2018-11-27 | Cisco Technology, Inc. | Service chaining based on labels in control and forwarding |
US9467478B1 (en) | 2013-12-18 | 2016-10-11 | vIPtela Inc. | Overlay management protocol for secure routing based on an overlay network |
US9698976B1 (en) | 2014-02-24 | 2017-07-04 | Wickr Inc. | Key management and dynamic perfect forward secrecy |
CN105025471A (en) * | 2014-04-21 | 2015-11-04 | 中兴通讯股份有限公司 | Called terminal, calling terminal, voice communication method and system |
US9485091B2 (en) | 2014-05-01 | 2016-11-01 | International Business Machines Corporation | Dual-party session key derivation |
US9584530B1 (en) | 2014-06-27 | 2017-02-28 | Wickr Inc. | In-band identity verification and man-in-the-middle defense |
CN106471510B (en) | 2014-07-08 | 2019-08-23 | 惠普发展公司有限责任合伙企业 | Compound document access |
US9654288B1 (en) | 2014-12-11 | 2017-05-16 | Wickr Inc. | Securing group communications |
CN107078941B (en) | 2014-12-19 | 2021-11-16 | 意法半导体股份有限公司 | Method for transmitting IP data packet to IP address, processing device and mobile equipment |
US9692603B2 (en) * | 2015-05-15 | 2017-06-27 | Verizon Patent And Licensing Inc. | Biometric PKI authentication |
US9923721B2 (en) * | 2015-06-22 | 2018-03-20 | Intel IP Corporation | Key agreement and authentication for wireless communication |
US9866383B2 (en) * | 2015-10-28 | 2018-01-09 | Cisco Technology, Inc. | Key management for privacy-ensured conferencing |
US9980303B2 (en) | 2015-12-18 | 2018-05-22 | Cisco Technology, Inc. | Establishing a private network using multi-uplink capable network devices |
US9590956B1 (en) | 2015-12-18 | 2017-03-07 | Wickr Inc. | Decentralized authoritative messaging |
US10291607B1 (en) | 2016-02-02 | 2019-05-14 | Wickr Inc. | Providing real-time events to applications |
US10432650B2 (en) | 2016-03-31 | 2019-10-01 | Stuart Staniford | System and method to protect a webserver against application exploits and attacks |
US9591479B1 (en) | 2016-04-14 | 2017-03-07 | Wickr Inc. | Secure telecommunications |
US9602477B1 (en) | 2016-04-14 | 2017-03-21 | Wickr Inc. | Secure file transfer |
US10554418B2 (en) * | 2016-06-24 | 2020-02-04 | General Electric Company | Routing cloud messages using digital certificates |
CN106131094A (en) * | 2016-09-14 | 2016-11-16 | 江苏北弓智能科技有限公司 | Mobile device management framework and communication means thereof |
WO2018087421A1 (en) * | 2016-11-09 | 2018-05-17 | Jetico Inc. Oy | Method in data wiping of a mass storage |
IT201700093693A1 (en) | 2017-08-14 | 2019-02-14 | St Microelectronics Srl | PROCEDURE FOR TRANSMITTING AT LEAST A PACKAGE OF IP DATA, ITS SYSTEM AND IT PRODUCT |
US10957445B2 (en) | 2017-10-05 | 2021-03-23 | Hill-Rom Services, Inc. | Caregiver and staff information system |
US10764064B2 (en) * | 2017-12-01 | 2020-09-01 | International Business Machines Corporation | Non-networked device performing certificate authority functions in support of remote AAA |
FR3085815B1 (en) * | 2018-07-11 | 2022-07-15 | Ledger | SECURITY GOVERNANCE OF THE PROCESSING OF A DIGITAL REQUEST |
BR112021001715A2 (en) * | 2018-07-29 | 2021-06-01 | Nouvenn Corporation | security method for data communication network |
CN109089000B (en) * | 2018-10-24 | 2020-10-27 | 迈普通信技术股份有限公司 | Voice call processing method and device |
KR20210049603A (en) * | 2019-10-25 | 2021-05-06 | 삼성전자주식회사 | Method and apparatus for performing access control using role based certification |
US11632243B1 (en) * | 2020-03-31 | 2023-04-18 | Juniper Networks, Inc. | Multi-key exchange |
US11551689B2 (en) * | 2020-09-30 | 2023-01-10 | International Business Machines Corporation | Voice command execution |
US20230089730A1 (en) * | 2021-09-23 | 2023-03-23 | At&T Mobility Ii Llc | Short message service encryption secure front-end gateway |
US20230209615A1 (en) * | 2021-12-28 | 2023-06-29 | At&T Intellectual Property I, L.P. | Transport layer approach to secure mobile termination |
US11758393B1 (en) * | 2022-03-31 | 2023-09-12 | Lenovo (Singapore) Pte. Ltd. | VPN authentication with forward secrecy |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030195932A1 (en) * | 2002-04-10 | 2003-10-16 | Nippon Telegraph And Telephone Corporation | Server-based computing collaboration allowing multiple clients to share application in server and collaborate on the application |
US20040145773A1 (en) * | 2003-01-29 | 2004-07-29 | Oakeson Kenneth L. | Message authorization system and method |
US6775772B1 (en) * | 1999-10-12 | 2004-08-10 | International Business Machines Corporation | Piggy-backed key exchange protocol for providing secure low-overhead browser connections from a client to a server using a trusted third party |
US6957186B1 (en) * | 1999-05-27 | 2005-10-18 | Accenture Llp | System method and article of manufacture for building, managing, and supporting various components of a system |
US20060005237A1 (en) * | 2003-01-30 | 2006-01-05 | Hiroshi Kobata | Securing computer network communication using a proxy server |
US20060282662A1 (en) * | 2005-06-13 | 2006-12-14 | Iamsecureonline, Inc. | Proxy authentication network |
US20070150740A1 (en) * | 2000-10-05 | 2007-06-28 | Davis Walter L | Method for providing information security for wireless transmissions |
US7437566B2 (en) * | 2004-05-01 | 2008-10-14 | Microsoft Corporation | System and method for identity confirmation of a contact published on a network |
US20090215438A1 (en) * | 2008-02-23 | 2009-08-27 | Ajay Mittal | Methods for performing transparent callback |
US20110161660A1 (en) * | 2009-12-29 | 2011-06-30 | General Instrument Corporation | Temporary registration of devices |
US20120079033A1 (en) * | 2010-09-24 | 2012-03-29 | Thanh Vinh Vuong | System and method for breaking up a message thread when replying or forwarding a message |
US8621078B1 (en) * | 2005-08-15 | 2013-12-31 | F5 Networks, Inc. | Certificate selection for virtual host servers |
Family Cites Families (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6772331B1 (en) * | 1999-05-21 | 2004-08-03 | International Business Machines Corporation | Method and apparatus for exclusively pairing wireless devices |
US8515066B2 (en) * | 2000-02-04 | 2013-08-20 | Ntt Communications Corporation | Method, apparatus and program for establishing encrypted communication channel between apparatuses |
EP1410600B1 (en) * | 2001-07-16 | 2008-08-27 | Research In Motion Limited | A system and method for supporting multiple certificate authorities on a mobile communication device |
US7185199B2 (en) * | 2002-08-30 | 2007-02-27 | Xerox Corporation | Apparatus and methods for providing secured communication |
GB2392590B (en) * | 2002-08-30 | 2005-02-23 | Toshiba Res Europ Ltd | Methods and apparatus for secure data communication links |
CN1745555B (en) * | 2003-02-28 | 2011-05-11 | 捷讯研究有限公司 | System and method of protecting data on a communication device |
US7506370B2 (en) * | 2003-05-02 | 2009-03-17 | Alcatel-Lucent Usa Inc. | Mobile security architecture |
US7257837B2 (en) * | 2003-07-26 | 2007-08-14 | Innomedia Pte | Firewall penetration system and method for real time media communications |
GB2408415B (en) * | 2003-11-19 | 2008-04-09 | Vodafone Plc | Networks |
JP2007517350A (en) * | 2003-12-19 | 2007-06-28 | コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ | Method for accessing data content of a storage device |
WO2007092651A2 (en) * | 2006-01-04 | 2007-08-16 | Nytor, Inc. | Trusted host platform |
US20070156804A1 (en) * | 2006-01-05 | 2007-07-05 | Fuze Networks | System and method for a virtual mobile network supporting dynamic personal virtual mobile network with multimedia service orchestration |
CA2636010A1 (en) * | 2006-01-17 | 2007-07-17 | Baker Hughes Inc | System and method for remote data acquisition and distribution |
US7565539B2 (en) * | 2006-07-03 | 2009-07-21 | Viasat Inc. | Method and apparatus for secure communications |
CN101207613B (en) * | 2006-12-21 | 2012-01-04 | 松下电器产业株式会社 | Method, system and apparatus for authentication of striding network area information communication |
US8484464B2 (en) * | 2007-06-15 | 2013-07-09 | Research In Motion Limited | Method and devices for providing secure data backup from a mobile communication device to an external computing device |
US8311513B1 (en) * | 2007-06-27 | 2012-11-13 | ENORCOM Corporation | Automated mobile system |
US20090132813A1 (en) * | 2007-11-08 | 2009-05-21 | Suridx, Inc. | Apparatus and Methods for Providing Scalable, Dynamic, Individualized Credential Services Using Mobile Telephones |
US20090164785A1 (en) * | 2007-12-20 | 2009-06-25 | Motorola, Inc. | Method for authentication in a communication network |
US8332572B2 (en) * | 2008-02-05 | 2012-12-11 | Spansion Llc | Wear leveling mechanism using a DRAM buffer |
US8327146B2 (en) * | 2008-03-31 | 2012-12-04 | General Motors Llc | Wireless communication using compact certificates |
US8750797B2 (en) * | 2008-07-22 | 2014-06-10 | Nissaf Ketari | Proximity access and alarm apparatus |
US20100031349A1 (en) * | 2008-07-29 | 2010-02-04 | White Electronic Designs Corporation | Method and Apparatus for Secure Data Storage System |
US8588746B2 (en) * | 2009-10-31 | 2013-11-19 | SAIFE Technologies Incorporated | Technique for bypassing an IP PBX |
US20110130119A1 (en) * | 2009-12-02 | 2011-06-02 | Symbol Technologies, Inc. | Staging a mobile device to an enterprise network securely using voice channel of a wireless wide area network (wwan) |
-
2010
- 2010-10-30 US US12/916,522 patent/US8588746B2/en active Active - Reinstated
- 2010-10-30 US US12/916,535 patent/US8392699B2/en active Active - Reinstated
-
2012
- 2012-10-23 US US13/657,872 patent/US8996861B1/en active Active - Reinstated
-
2013
- 2013-09-24 US US14/034,552 patent/US20150089220A1/en not_active Abandoned
-
2015
- 2015-03-27 US US14/672,085 patent/US9654448B2/en active Active
Patent Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6957186B1 (en) * | 1999-05-27 | 2005-10-18 | Accenture Llp | System method and article of manufacture for building, managing, and supporting various components of a system |
US6775772B1 (en) * | 1999-10-12 | 2004-08-10 | International Business Machines Corporation | Piggy-backed key exchange protocol for providing secure low-overhead browser connections from a client to a server using a trusted third party |
US20070150740A1 (en) * | 2000-10-05 | 2007-06-28 | Davis Walter L | Method for providing information security for wireless transmissions |
US20030195932A1 (en) * | 2002-04-10 | 2003-10-16 | Nippon Telegraph And Telephone Corporation | Server-based computing collaboration allowing multiple clients to share application in server and collaborate on the application |
US20040145773A1 (en) * | 2003-01-29 | 2004-07-29 | Oakeson Kenneth L. | Message authorization system and method |
US20060005237A1 (en) * | 2003-01-30 | 2006-01-05 | Hiroshi Kobata | Securing computer network communication using a proxy server |
US7437566B2 (en) * | 2004-05-01 | 2008-10-14 | Microsoft Corporation | System and method for identity confirmation of a contact published on a network |
US20060282662A1 (en) * | 2005-06-13 | 2006-12-14 | Iamsecureonline, Inc. | Proxy authentication network |
US8621078B1 (en) * | 2005-08-15 | 2013-12-31 | F5 Networks, Inc. | Certificate selection for virtual host servers |
US20090215438A1 (en) * | 2008-02-23 | 2009-08-27 | Ajay Mittal | Methods for performing transparent callback |
US20110161660A1 (en) * | 2009-12-29 | 2011-06-30 | General Instrument Corporation | Temporary registration of devices |
US20120079033A1 (en) * | 2010-09-24 | 2012-03-29 | Thanh Vinh Vuong | System and method for breaking up a message thread when replying or forwarding a message |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170163616A1 (en) * | 2015-12-07 | 2017-06-08 | Mcafee, Inc. | System, apparatus and method for providing privacy preserving interaction with a computing system |
US10009328B2 (en) * | 2015-12-07 | 2018-06-26 | Mcafee, Llc | System, apparatus and method for providing privacy preserving interaction with a computing system |
US20180302787A1 (en) * | 2017-04-13 | 2018-10-18 | Synchronoss Technologies, Inc. | Systems and methods for securely provisioning hypertext transfer protocol secure (https) pins to a mobile client |
US20220014514A1 (en) * | 2018-11-14 | 2022-01-13 | Connectfree Corporation | Information processing method, information processing program, information processing device, and information processing system |
Also Published As
Publication number | Publication date |
---|---|
US20110131406A1 (en) | 2011-06-02 |
US8996861B1 (en) | 2015-03-31 |
US8392699B2 (en) | 2013-03-05 |
US9654448B2 (en) | 2017-05-16 |
US20150256521A1 (en) | 2015-09-10 |
US8588746B2 (en) | 2013-11-19 |
US20110130121A1 (en) | 2011-06-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20150089220A1 (en) | Technique For Bypassing an IP PBX | |
US7464267B2 (en) | System and method for secure transmission of RTP packets | |
EP2039199B1 (en) | User equipment credential system | |
US7382881B2 (en) | Lawful interception of end-to-end encrypted data traffic | |
US8898455B2 (en) | System and method for authentication of a communication device | |
US8417218B2 (en) | SIM based authentication | |
JP3943034B2 (en) | Method and apparatus for secure internet protocol communication in a call processing system | |
CN103974241A (en) | Voice end-to-end encryption method aiming at mobile terminal with Android system | |
US7764945B2 (en) | Method and apparatus for token distribution in session for future polling or subscription | |
CN102202299A (en) | Realization method of end-to-end voice encryption system based on 3G/B3G | |
JP5192077B2 (en) | Secret communication method using VPN, system thereof, program thereof, and recording medium of program | |
EP3178193A1 (en) | A method of providing real-time secure communication between end points in a network | |
WO2010124482A1 (en) | Method and system for implementing secure forking calling session in ip multi-media subsystem | |
WO2012024906A1 (en) | Mobile communication system and voice call encryption method thereof | |
US10880079B2 (en) | Private key generation method and system, and device | |
CN114630290A (en) | Key agreement method, device, equipment and storage medium for voice encryption communication | |
WO2017197968A1 (en) | Data transmission method and device | |
US10848471B2 (en) | Communication apparatus, communication method, and program | |
KR101210938B1 (en) | Encrypted Communication Method and Encrypted Communication System Using the Same | |
CN104753869A (en) | SIP protocol based session encryption method | |
CN105763571A (en) | SIP-based asymmetric voice encryption | |
JP2009260847A (en) | Vpn connection method, and communication device | |
Bassil et al. | Critical analysis and new perspective for securing voice networks | |
Hsieh | Reference Phone Number: A Secure and QoS-improved SIP-based phone system | |
CN106936767A (en) | Secure communication terminal and its communication means |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: SAIFE HOLDINGS LLC, MINNESOTA Free format text: SECURITY INTEREST;ASSIGNOR:SAIFE, INC.;REEL/FRAME:032742/0925 Effective date: 20140328 Owner name: SAIFE TECHNOLOGIES, ARIZONA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:PATEL, DIPEN;JONES, JAMES;CURTIS, JOHN;AND OTHERS;REEL/FRAME:032732/0297 Effective date: 20140416 |
|
AS | Assignment |
Owner name: SAIFE INCORPORATED, ARIZONA Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE ASSIGNEE NAME FROM "SAIFE TECHNOLOGIES" (ON THE COVER SHEET) TO "SAIFE INCORPORATED" PREVIOUSLY RECORDED ON REEL 032732 FRAME 0297. ASSIGNOR(S) HEREBY CONFIRMS THE ERROR MADE IN THE COVERSHEET DATA (OF THE ORIGINAL SUBMISSION) BY THE CUSTOMER;ASSIGNORS:PATEL, DIPEN;JONES, JAMES;CURTIS, JOHN;AND OTHERS;REEL/FRAME:032777/0195 Effective date: 20140416 |
|
AS | Assignment |
Owner name: SAIFE, INC., ARIZONA Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE NAME OF THE ASSIGNEE FROM SAIFE INCORPORATED TO SAIFE, INC. PREVIOUSLY RECORDED ON REEL 032777 FRAME 0195. ASSIGNOR(S) HEREBY CONFIRMS THE CORRECTED ASSIGNMENT;ASSIGNORS:PATEL, DIPEN;CURTIS, JOHN;JONES, JAMES;AND OTHERS;SIGNING DATES FROM 20140807 TO 20140818;REEL/FRAME:033783/0515 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |