WO2009118730A1 - System and method for communicating over a network - Google Patents


Info

Publication number
WO2009118730A1
Authority
WO
WIPO (PCT)
Prior art keywords
cookie
server
network
sip
key
Application number
PCT/IL2009/000327
Other languages
French (fr)
Other versions
WO2009118730A4 (en)
Inventor
Amichay Oren
Noy Itzikowitz
Original Assignee
Jajah, Inc.
Application filed by Jajah, Inc.
Priority to EP09725838A (EP2272230A1)
Publication of WO2009118730A1
Publication of WO2009118730A4

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066 Session management
    • H04L65/1101 Session protocols
    • H04L65/1104 Session initiation protocol [SIP]
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/062 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys

Definitions

  • the present invention generally relates to communication over a network and in particular to communication over a client-server network.
  • a client-server network is generally used to describe a network comprising two or more devices, wherein at least one of the devices, referred to hereinafter as a client or client-machine (CM), is adapted to initiate communication, send requests and receive replies from a second device referred to as a server.
  • the server is generally adapted to wait for the requests from the CM and to act on them, usually replying to the CM by sending back information (data).
  • the server may reply by installing and/or uninstalling applications in the CM.
  • the server may reply by allowing the CM to connect to the network and communicate with other devices through the network. In some cases the communication may be directly with the other devices, or may be indirectly through the server (or through a plurality of servers).
  • one server may generally support several CMs. Occasionally, when a relatively large number of CMs are connected to the network, several servers may be interconnected (in the network) to support an increased information processing load.
  • a CM may act as a server for some applications, or may act as both a CM and server for other applications.
  • a signaling protocol which may be used for initiating communications between the CM and the server, and for controlling the sending of requests and replies, is the Session Initiation Protocol (SIP).
  • SIP is an Application Layer protocol in the TCP/IP suite which is used to specify communication protocols over networks, including the Internet.
  • SIP is generally used for creating, modifying, and terminating sessions between two session participants (such as, for example, a CM and a server). SIP may be used to create two-party, or multiparty (multicast) sessions, with applications in Internet telephone calls, multimedia distribution, and multimedia conferences. SIP is designed to be independent of the underlying Transport Layer (in the TCP/IP suite), and may be used to initiate the Transmission Control Protocol (TCP), the User Datagram Protocol (UDP), and the Stream Control Transmission Protocol (SCTP). SIP is frequently used as the signaling protocol for Voice over Internet Protocol (VoIP), which is the term used for the transmission technologies for voice delivery over IP networks such as the Internet and other packet-switched networks.
  • Client-server networks using Session Initiation Protocol frequently include a use of SIP cookies for authentication purposes, prior to a server in the network (SIP server) authorizing connection of a CM to the network.
  • SIP cookies, which are usually arbitrary portions of text data, are generally generated by the SIP server and are sent to the CM, which then returns the cookie to the server as part of a SIP message.
  • the server, upon receiving the cookie, verifies that the sent cookie and the received cookie are the same, authenticating (as part of an authentication process) an identity of the CM.
  • Man-in-the-middle (MTM) attacks generally comprise a potential fraudster independently connecting with the CM and with the server, and impersonating the other (impersonating the CM when communicating with the server, and impersonating the server when communicating with the CM) to the extent that the server and the CM believe they are communicating with one another (when in reality both the server and the CM are communicating with the potential fraudster).
  • the potential fraudster frequently is mistakenly authenticated (as the CM) by the server, and gains authorization to access the network instead of the CM.
  • the fraudster may then gain access to information exclusively intended for the CM. It is therefore an object of the invention to provide a system for communicating over a network, wherein the network is essentially resistant to MTM attacks.
  • a system for communicating over a network using SIP comprising a server adapted to transmit a first cookie encrypted using a first key K1, receive and decrypt a second cookie using a second key K2, and compare the first cookie with the second cookie; and a client machine (CM) adapted to receive and decrypt the first cookie using the first key K1, and transmit the second cookie encrypted using the second key K2.
  • the server is further adapted to transmit the first cookie responsive to receiving from the CM a request for authentication message.
  • the server is further adapted to authorize connection of the CM to the network when a result of a comparison between the first cookie and the second cookie conforms (corresponds) to a predetermined criterion.
  • the server may be adapted to authorize connection when the first cookie and the second cookie are substantially identical, and may be further adapted to deny or reject connection of the CM to the network when the first cookie and the second cookie are substantially different.
  • the server may be adapted to authorize connection when the first cookie and the second cookie are substantially different, yet conform to the predetermined criterion.
  • Communication over the network comprises Voice over Internet Protocol (VoIP).
  • the network is a packet-switched network and, optionally, the Internet.
  • the network may comprise the PSTN.
  • first key K1 and second key K2 have substantially different values (K1 ≠ K2).
  • First key K1 and/or second key K2 are revised according to predetermined CM-server validation criteria. Additionally or alternatively, K1 and/or K2 are revised periodically, optionally weekly.
  • the server is further adapted to generate the first cookie and to encrypt the first cookie using K1.
  • the server is further adapted to store the first cookie.
  • the CM is adapted to encrypt the second cookie using K2.
  • a method for communicating over a network using a Session Initiation Protocol comprising transmitting a first cookie encrypted using a first key K1 from a server to a client machine (CM), decrypting the first cookie at the CM using K1 and transmitting a second cookie encrypted using a second key K2; and receiving the second cookie at the server and decrypting the cookie using K2, and comparing the first cookie with the second cookie.
  • the method further comprises transmitting the first cookie from the server responsive to receiving a request for authentication message from the CM.
  • the method further comprises authorizing connection of the CM to the network when the result of a comparison of the first cookie and the second cookie corresponds to a predetermined criterion.
  • the method comprises authorizing connection when the first cookie and the second cookie are substantially identical, and further comprises denying or rejecting connection of the CM to the network when the first cookie and the second cookie are substantially different.
  • the method comprises authorizing connection of the CM to the network when the first cookie and the second cookie are substantially different, yet conform to the predetermined criterion.
  • the method further comprises communicating over the network using Voice over Internet Protocol (VoIP).
  • the method comprises communicating over a packet-switched network, and optionally over the Internet.
  • the method comprises communicating over the PSTN.
  • the method further comprises K1 and K2 having substantially different values (K1 ≠ K2).
  • the method further comprises revising K1 and/or K2 according to predetermined CM-server validation criteria. Additionally or alternatively, K1 and/or K2 are revised periodically, optionally weekly.
  • the method comprises generating the first cookie and encrypting the first cookie using K1. In some embodiments, the method comprises storing the first cookie. The method further comprises encrypting the second cookie using K2.
  • Fig. 1 is a schematic illustration of a system for communicating over a client-server network using SIP;
  • Fig. 2 is a schematic flow chart of a method of communicating, in the system shown in Fig. 1, between the CM and the server using SIP;
  • Figs. 3A and 3B are schematic flow charts illustrating a method of VoIP communication between a CM and a call terminator through a client-server network using SIP; and
  • Figs. 4A and 4B represent a step-by-step flow-chart of a cookies validation process according to some embodiments of the present invention.
  • FIG. 1 schematically illustrates an exemplary system 100 for communicating over a client-server network 102.
  • System 100 comprises a server 101 and a plurality of client-machines (CMs), a CM comprising any device adapted to communicate with the server through network 102, and optionally adapted to communicate directly and/or indirectly with one or more CMs, or other devices, through the network.
  • CM may comprise for example, a laptop computer 103, a personal digital assistant (PDA) 104, a personal computer (PC) 105, a mobile phone 106, and/or a VoIP telephone 107.
  • system 100 may comprise any number of CMs, for example 1, 2, 10, 15, 200, 1000, 10000, or more CMs.
  • system 100 may comprise one or more servers 101 for handling large processing loads, for example 2, 5, 10, 100 or more servers.
  • a CM may act as server 101 for some applications, or may act as both a CM and server for other applications.
  • Network 102 comprises an IP network adapted to transfer data using the TCP/IP suite, and may include the Internet, or any other packet-switching network adapted to carry information over the network in packets.
  • Network 102 may be further adapted to allow VoIP communication.
  • communication over network 102 comprises the use of SIP as a signaling protocol.
  • each CM, for example CM 103 - 107, is additionally adapted to generate a request (invite) for authentication message which is sent to server 101 whenever the CM wishes to initiate communication with the server and connect to network 102.
  • the request message may be an HTTP (hypertext transfer protocol) message, a SIP message, a SOAP (Simple Object Access Protocol) message, or any other type of message suitable to request CM authentication from server 101 and to connect to network 102, or any combination thereof (including tunneled wherein one message type or protocol is embedded within another).
  • Each CM is further adapted to receive an encrypted first SIP cookie from server 101 and to decrypt the first SIP cookie using a key K1. Responsive to receiving the first SIP cookie, the CM is further adapted to transmit to server 101 a second SIP cookie encrypted using a second key K2.
  • the second SIP cookie is functionally related to the first SIP cookie such that, when a comparison is made between them, the result of the comparison conforms to a predetermined criterion.
  • the first cookie and the second cookie may be substantially identical.
  • the second SIP cookie may be the same first SIP cookie received from server 101 following decryption.
  • the first cookie and the second cookie may be substantially different.
  • the second SIP cookie is generated by the CM.
  • the second SIP cookie is generated by a cookie generator external to the CM and sent to the CM for encryption.
  • the second SIP cookie is encrypted by an encryption application program external to the CM.
  • server 101 is adapted to generate a first SIP cookie responsive to receiving a request message from the CM, and to store (save) the first SIP cookie in a memory.
  • the first SIP cookie is generated by a cookie generator external to server 101, for example a second server (not shown), and is sent to the server.
  • the memory may be a resident memory in server 101.
  • the memory may be external to server 101, for example, in a second CM, or in a second server, or in an external memory storage device connected to network 102, or in any other computing device or devices adapted to store data and which may be accessed by server 101 through the network.
  • Server 101 is further adapted to encrypt the first cookie using the key K1 and to transmit the encrypted first cookie to the CM.
  • the first cookie is encrypted by an encryption application program external to server 101, for example in a second server.
  • Server 101 is additionally adapted to receive the encrypted second cookie from the CM, decrypt the second cookie using the key K2, and compare the second cookie with the saved first cookie. If the result of the comparison of the first cookie and the second cookie conforms to a predetermined criterion, for example the two cookies are substantially identical, the CM is authenticated and server 101 authorizes connection of the CM to network 102. The CM may then communicate through network 102 and transmit/receive information from other CMs, servers, and other devices which may be connected to the network. If the first cookie and the second cookie do not conform to the predetermined criterion, for example they are substantially different, the CM is not authenticated and may not connect to network 102.
  • the request message sent from the CM to server 101 may include a validation stamp, based on predetermined CM-server validation criteria, the validation stamp serving to correlate the key K1 used by the server to encrypt the first cookie and the key K1 used by the CM to decrypt the first cookie (same key).
  • the validation stamp also serves to correlate the key K2 used by the CM to encrypt the second cookie with the key K2 used by server 101 to decrypt the second cookie.
  • the validation stamp may be a time stamp which is revised periodically, say weekly, such that the CM and server 101 will use a same set of keys K1 and K2 associated with the particular week designated in the time stamp.
  • the validation stamp may be revised daily, bi-weekly, monthly, or according to any predetermined time period.
  • the CM-server predetermined validation criteria may be based on a frequency of requests sent by the CM, for example, every 100 requests, or every 1000 requests.
  • the validation criteria may be based on a number of encryptions performed, for example, every 250 encryptions or every 2500 encryptions.
  • the validation criteria may be any criteria suitable to allow the keys K1 and K2 to be varied a number of times necessary to substantially minimize a risk of a fraudster obtaining the keys.
  • An encryption method for the first cookie and the second cookie may be based on a symmetric-key cryptographic algorithm.
  • the algorithm may be that described by the Data Encryption Standard (DES) with K1 and K2 as keys and a revision number as an initiation vector.
  • server 101 uses DES and encrypts the first cookie with key K1, which has a value determined by eight characters, and with an eight-character initiation vector associated with a revision number of the key K1 (if the revision number is less than eight characters, "0" characters may be padded from the left).
  • the CM then decrypts the encrypted first cookie in the following manner: K1 ^ revision ^ encrypted first cookie.
  • the CM encrypts the second cookie using DES with key K2, which also has a value determined by eight characters, and with an eight-character initiation vector associated with the revision number of the key K2 (if the revision number is less than eight characters, "0" characters may be padded from the left).
  • Server 101 then decrypts the encrypted second cookie in the following manner: K2 ^ revision ^ encrypted second cookie.
  • K1 and K2 have different values, although in some embodiments, they may have a same value.
  • the symmetric-key algorithm may be according to the Advanced Encryption Standard (AES).
  • the cryptographic method may comprise an asymmetric-key algorithm.
  • the method may comprise a hybrid-key algorithm based on a combination of a symmetric-key algorithm and an asymmetric-key algorithm.
  • any set of encoding and decoding keys intended for use by the CM is encrypted to a level that renders their discovery, for example by reverse-engineering their codes, impossible.
  • Network 102 may comprise a wired network, which may be any type of network physically connecting one or more CMs to one another and/or to one or more servers 101, as shown for example by wired connection 108 from network 102 to PC 105.
  • Examples of such a network may be local area networks (LAN), or a circuit-switched network such as the public switched telephone network (PSTN).
  • network 102 may comprise any wireless network, as shown for example by wireless connection 109 to laptop 103 and PDA 104.
  • An example of such network may be a wireless local area network (WLAN) which may comprise a wireless network, or any combination of wireless networks, generally conforming to IEEE Standards 802.11 (Wireless LAN - Wi-Fi).
  • the WLAN may conform to IEEE Standards 802.15 (Wireless PAN - WPAN), 802.16 (Broadband Wireless Access - WiMAX), 802.20 (Mobile Broadband Wireless Access - MBWA), and/or 802.22 (Wireless Regional Area Network - WRAN), or any combination thereof.
  • Network 102 may optionally be adapted for communication according to 3GPP (3rd Generation Partnership Project) and/or 3GPP2 (3rd Generation Partnership Project 2) specifications for mobile phones.
  • network 102 may be adapted for communication through satellite.
  • network 102 may comprise any combination of networks including IP and/or other packet-switched networks, and circuit-switched networks (for example, the PSTN).
  • network 102 may be configured in any combination of wired and wireless networks.
  • Fig. 2 is a schematic flow chart illustrating a method of communication in system 100 (Fig. 1) between the CM and server 101 over client-server network 102 using SIP.
  • the method illustrated and described below is not intended to be limiting in any form or manner, and it should be evident to a person skilled in the art that variations are possible in the implementation of the method.
  • Step 200 The CM, for example CM 103 - 107, wishing to connect to network 102, sends a request for initiation of authentication message to server 101.
  • the request includes a validation stamp according to the predetermined CM-server validation criteria, which may comprise, for example, a time stamp with a week number (and optionally year) when the request is generated.
  • the request additionally includes the CM's IP address, and may include, in some embodiments, additional information such as CM data used to strengthen the coupling between the request for authentication and the CM's IP address.
  • Step 201 Server 101 receives the request from the CM and checks the CM's IP address, time stamp (week time stamp), and optional CM data, so as to validate that the CM is authorized to connect to network 102.
  • Step 202 If the request is OK, continue to Step 203 (the CM is authorized to continue the authentication process). If the request is not OK, go to Step 212 (the CM is not authorized to continue the authentication process; for example, unrecognized IP address, incorrect week time stamp, and/or incompatibility between CM data and IP address).
  • Step 203 Server 101 generates a first SIP cookie.
  • the first SIP cookie may be generated externally of server 101, for example by a cookie generator in a second server.
  • Step 204 Server 101 saves the first SIP cookie in a resident memory in the server.
  • the first SIP cookie may be stored in an externally located memory such as for example, in a second server, a second CM, or an external data storage device not physically connected to server 101 (connected through network 102).
  • Step 205 Server 101 encrypts the first SIP cookie using key K1, the key selected according to the week time stamp received from the CM.
  • Server 101 and the CM each maintain a database with, for example, 156 sets of shared keys K1 and K2, each set of keys associated with a specific week in a specific year.
  • the databases may be resident in the CM and in server 101, respectively, or may optionally be stored, for example, in one or more separate external storage devices which may be accessed by the CM and/or the server, or any combination thereof.
  • Step 206 Server 101 sends the encrypted first SIP cookie to the CM, and includes the week time stamp received from the CM in the message.
  • Step 207 The CM receives the encrypted first SIP cookie from server 101, together with the week time stamp. Based on the week time stamp received, the CM selects from the database a set of keys K1 and K2 corresponding to the week (and optionally year) of the week time stamp. The CM decrypts the encrypted first SIP cookie using key K1.
  • Step 208 The CM encrypts a second SIP cookie which is functionally related to the first SIP cookie (and which may be the first SIP cookie or a new cookie generated by the CM or by an external cookie generator), using the second key K2 selected from the database.
  • Step 209 The CM sends the encrypted second SIP cookie to server 101.
  • Step 210 Server 101 receives the encrypted second SIP cookie and decrypts the cookie using the second key K2 from the set of keys K1 and K2 selected from the database (according to the week time stamp of the request, and used to encrypt the first SIP cookie).
  • Step 211 Server 101 compares the second SIP cookie with the saved first SIP cookie. If the result of the comparison of the first and second SIP cookies conforms to a predetermined criterion, for example they are substantially identical, go to Step 213. If the result of the comparison of the first and second SIP cookies does not conform to the predetermined criterion, for example they are substantially different, continue to Step 212.
  • Step 212 Server 101 reports an error to CM. Go to Step 200.
  • Step 213 Server 101 authenticates the identity of the CM and sends an acknowledgement to the CM. Server 101 authorizes connection of the CM to network 102, and the CM is able to communicate over the network with other servers, CMs, and/or other devices.
  • the CM may connect with another CM, or another device, through network 102 using RTP (real-time transport protocol) for VoIP communications.
  • Figs. 3A and 3B are schematic flow charts illustrating an exemplary method of VoIP communication between a call initiator (a device for initiating a call) and a call terminator (a device for receiving a call), including the use of SIP for substantially preventing MTM attacks in an IP network.
  • In some embodiments, the method uses a VoIP technology known as Jajah.
  • Jajah® is generally regarded as a technology for communicating between telephones (such as landline telephones and mobile phones) by combining VoIP over an IP network with communication through the PSTN and/or a cellular network (for mobile phones).
  • a Jajah user using a CM such as, for example a PC, connects to a Jajah server through the IP network.
  • the CM sends a request for authentication which may include a telephone number of the call initiator and a destination telephone number of the call terminator, a CM IP address, and may include other user information such as, for example, a user name and a user password.
  • a Jajah application program may be downloaded by the user to the mobile device, enabling the device to serve as the CM and to connect to the Jajah server through the cellular network.
  • Upon server validation of the user information, the Jajah server acknowledges the request for authentication and connects the call initiator with the call terminator through the IP network and the PSTN, and/or the cellular network. Once connected, the Jajah server additionally manages and controls the communication between the call initiator and the call terminator.
  • Step 300 A user placing a telephone call to the call terminator accesses the Jajah server through a web browser in the CM (PC or mobile phone), and inputs the telephone number of the call initiator and the call terminator into a Jajah application program (AP). Additional user information may be input such as user name, password, and the like.
  • Step 301 The CM sends a request for authentication message to a SIP server in the IP network.
  • the request message may be substantially similar or identical to that sent by the CM in Step 200 (Fig. 2).
  • the CM data may include the user information from Step 300.
  • the SIP server and the Jajah server may be the same.
  • Step 302 The SIP server receives the request message and checks the validity of the message. SIP server check of validity may be the same or substantially similar to that in Step 201 (Fig. 2). If the request is not OK (invalid) go to Step 308.
  • Step 303 SIP server authenticates identity of CM.
  • Process of authentication is the same or substantially similar to that shown in Steps 203 through 211 and Step 213 (Fig. 2). If the CM is not authenticated, go to Step 308.
  • Step 304 SIP server sends acknowledgment of CM authentication and authorization to the Jajah server.
  • Jajah server authenticates user information input in Step 300, including the destination number of the call terminator. If the user information is not authenticated, go to Step 308.
  • Step 305 Jajah server is adapted to manage the account of the user and to connect the call terminator with the call initiator, for example, using RTP. Jajah server validates account balance of the call initiator prior to connecting the call initiator to the call terminator. If the account balance is inadequate, go to Step 308.
  • Step 306 Jajah server dials up the telephone number of the call initiator, and connects to the call initiator through the IP network, and the PSTN and/or the cellular network. If there is an error in the connection, go to Step 308.
  • Step 307 Once the call initiator responds and the call is to be connected, the Jajah server dials up the telephone number of the call terminator, and connects the call terminator through the IP network, and the PSTN and/or cellular network. Go to Step 309. If there is an error in the connection, go to Step 308.
  • Step 308 Error report is generated to the call initiator, or optionally the CM. Go to Step 301.
  • Step 309 Call initiator and call terminator engage in conversation.
  • Step 310 Upon concluding the conversation the user hangs up, disconnecting the call initiator.
  • Step 311 The CM sends a request for termination (BYE) message to the SIP server in the IP network.
  • the authentication information comprised in the BYE message may be the same or substantially similar to that in Step 301.
  • Step 312 SIP server receives the BYE message and checks the validity of the message. SIP server check of validity may be the same or substantially similar to that in Step 302. If the BYE request is not OK (invalid) go to Step 308.
  • Step 313 SIP server authenticates the identity of the CM. Process of authentication is the same or substantially similar to that in Step 303. If the CM is not authenticated, go to Step 308.
  • Step 314 SIP server sends acknowledgment of CM authentication and an authorization to the Jajah server to end the call (call End message). If there is an error in the connection, go to Step 308.
  • Step 315 Jajah server closes the call to the call terminator. If there is an error in the connection, go to Step 308.
  • Step 316 The call terminator closes the call. If there is an error in the connection, go to Step 308.
  • Step 317 Jajah server updates the user's, and/or optionally the call initiator's, calling records and account balance.
  • Step 318 Jajah calling process is terminated.
  • a set of at least two keys, K1 and K2, is exchanged between the CM and the server, while a formula available to both parties directs each of them when to use a specific pair of keys, allowing decryption and encryption of one or more cookies exchanged between them.
  • Fig. 4 schematically illustrates a step-by-step flow-chart of an exemplary cookies validation process according to some embodiments of the present invention. The process includes the use of a different pair of keys which are valid only during a given week of the year. However, any other preset, time-based or other criteria of validation may be employed. Each key comprises a number which is used in any known conventional way in order to convert a meaningful text into a string of meaningless characters.
  • a user when a user wishes to initiate a phone call for the first time from his CM, he will normally enter a phone number and send it to the Server by pressing the "call" button [stage (10)]. Along with the phone number, the CM will send other data to the server which is crucial for the authentication process (as will be detailed later) such as the current week number, the software revision number (rev. #), the Client's IP address, or the Client's unique identification code (CL ID). Upon receiving the information, the server generates a cookie using a formula known to the CM and stores it in a database (11). Then the cookie is encrypted using a key Kl (12).
  • the key Kl is one of a pair of matching keys as determined at the setup time of the system, in the present example correlated according to the week number of the current year.
  • the server generates a variation of the encrypted cookie combined with the week number and sends it to the CM (13).
  • the CM Upon receipt of the modified cookie, the CM looks up the appropriate pair of keys in the Table, as shown in stage (14).
  • At stage (15) the CM decrypts the cookie with K1, encrypts it with
  • The received encrypted cookie is decrypted at the server side using K2 (18) and is validated against the data stored in the database (19).
  • The server is prompted to activate the cookie (20) and to send an acknowledgement signal to the CM (21).
  • The server will allow only a preset number of call initiation attempts, e.g. 5, after which it will reject any call initiation request for a preset period of time, say 10 minutes. This concludes the initial verification and cookie setup process.
  • The stages of completing the call (establishing the connection with the called party, hanging up) follow the conventional fashion.

Abstract

A system 100 for communicating over a network 102 using a Session Initiation Protocol (SIP), the system comprising a server 101 adapted to transmit a first cookie encrypted using a first key K1, receive and decrypt a second cookie using a second key K2, and compare the first cookie with the second cookie; and a client machine (CM) 103 - 107 adapted to receive and decrypt the first cookie using the first key K1, and transmit the second cookie encrypted using the second key K2.

Description

SYSTEM AND METHOD FOR COMMUNICATING OVER A NETWORK
FIELD OF THE INVENTION
The present invention generally relates to communication over a network and in particular to communication over a client-server network.
BACKGROUND OF THE INVENTION
A client-server network is generally used to describe a network comprising two or more devices, wherein at least one of the devices, referred to hereinafter as a client or client-machine (CM), is adapted to initiate communication, send requests and receive replies from a second device referred to as a server. The server is generally adapted to wait for the requests from the CM and to act on them, usually replying to the CM by sending back information (data). Optionally, the server may reply by installing and/or uninstalling applications in the CM. Optionally, the server may reply by allowing the CM to connect to the network and communicate with other devices through the network. In some cases the communication may be directly with the other devices, or may be indirectly through the server (or through a plurality of servers).
In a typical client-server network, one server may generally support several CMs. Occasionally, when a relatively large number of CMs are connected to the network, several servers may be interconnected (in the network) to support an increased information processing load. Optionally, a CM may act as a server for some applications, or may act as both a CM and server for other applications. A signaling protocol which may be used for initiating communications between the CM and the server, and for controlling the sending of requests and replies, is the Session Initiation Protocol (SIP). SIP is an Application Layer protocol in the TCP/IP suite which is used to specify communication protocols over networks, including the Internet. SIP is generally used for creating, modifying, and terminating sessions between two session participants (such as, for example, a CM and a server). SIP may be used to create two-party or multiparty (multicast) sessions, with applications in Internet telephone calls, multimedia distribution, and multimedia conferences. SIP is designed to be independent of the underlying Transport Layer (in the TCP/IP suite), and may be carried over the Transmission Control Protocol (TCP), the User Datagram Protocol (UDP), or the Stream Control Transmission Protocol (SCTP). SIP is frequently used as the signaling protocol for Voice over Internet Protocol (VoIP), which is the term used for the transmission technologies for voice delivery over IP networks such as the Internet and other packet-switched networks.
SUMMARY OF THE INVENTION
Client-server networks using Session Initiation Protocol (SIP) frequently make use of SIP cookies for authentication purposes, prior to a server in the network (SIP server) authorizing connection of a CM to the network. The SIP cookies, which are usually arbitrary portions of text data, are generally generated by the SIP server and are sent to the CM, which then returns the cookie to the server as part of a SIP message. The server, upon receiving the cookie, verifies that the sent cookie and the received cookie are the same, authenticating (as part of an authentication process) an identity of the CM.
Networks, for example as that described above, are prone to man-in-the-middle (MTM) attacks. These attacks generally comprise a potential fraudster independently connecting with the CM and with the server, and impersonating the other (impersonating the CM when communicating with the server, and impersonating the server when communicating with the CM) to the extent that the server and the CM believe they are communicating with one another (when in reality both the server and the CM are communicating with the potential fraudster). As a result, the potential fraudster frequently is mistakenly authenticated (as the CM) by the server, and gains authorization to access the network instead of the CM. The fraudster may then gain access to information exclusively intended for the CM. It is therefore an object of the invention to provide a system for communicating over a network, wherein the network is essentially resistant to MTM attacks.
It is a further object of the invention to provide a system for communicating over a network using SIP, wherein encryption of SIP cookies forms part of a CM authorization process.
It is a still further object of the invention to provide a system for VoIP communication over a network, wherein the network is essentially secure (resistant to MTM attacks) and essentially minimal negotiations are required during call establishment between CMs.
Provided according to the invention is a system for communicating over a network using SIP, the system comprising a server adapted to transmit a first cookie encrypted using a first key K1, receive and decrypt a second cookie using a second key K2, and compare the first cookie with the second cookie; and a client machine (CM) adapted to receive and decrypt the first cookie using the first key K1, and transmit the second cookie encrypted using the second key K2. The server is further adapted to transmit the first cookie responsive to receiving from the CM a request for authentication message.
The server is further adapted to authorize connection of the CM to the network when a result of a comparison between the first cookie and the second cookie conforms (corresponds) to a predetermined criterion. In some embodiments, the server may be adapted to authorize connection when the first cookie and the second cookie are substantially identical, and may be further adapted to deny or reject connection of the CM to the network when the first cookie and the second cookie are substantially different. In some embodiments, the server may be adapted to authorize connection when the first cookie and the second cookie are substantially different, yet conform to the predetermined criterion.
Communication over the network comprises Voice over Internet Protocol (VoIP). In some embodiments of the invention, the network is a packet-switched network and, optionally, the Internet. Optionally, the network may comprise the PSTN.
In some embodiments, first key K1 and second key K2 have substantially different values (K1 ≠ K2). Optionally, K1 and K2 have a substantially same value (K1 = K2). First key K1 and/or second key K2 are revised according to predetermined CM-server validation criteria. Additionally or alternatively, K1 and/or K2 are revised periodically, optionally weekly. The server is further adapted to generate the first cookie and to encrypt the first cookie using K1. In some embodiments, the server is further adapted to store the first cookie. The CM is adapted to encrypt the second cookie using K2.
Provided according to the invention is a method for communicating over a network using a Session Initiation Protocol (SIP), the method comprising transmitting a first cookie encrypted using a first key K1 from a server to a client machine (CM), decrypting the first cookie at the CM using K1 and transmitting a second cookie encrypted using a second key K2; and receiving the second cookie at the server and decrypting the cookie using K2, and comparing the first cookie with the second cookie. The method further comprises transmitting the first cookie from the server responsive to receiving a request for authentication message from the CM.
The method further comprises authorizing connection of the CM to the network when the result of a comparison of the first cookie and the second cookie corresponds to a predetermined criterion. In some embodiments, the method comprises authorizing connection when the first cookie and the second cookie are substantially identical, and further comprises denying or rejecting connection of the CM to the network when the first cookie and the second cookie are substantially different. In some embodiments, the method comprises authorizing connection of the CM to the network when the first cookie and the second cookie are substantially different, yet conform to the predetermined criterion. The method further comprises communicating over the network using Voice over Internet Protocol (VoIP). In some embodiments, the method comprises communicating over a packet-switched network, and optionally over the Internet. Optionally, the method comprises communicating over the PSTN. In some embodiments, the method further comprises K1 and K2 having substantially different values (K1 ≠ K2). Optionally, the method comprises K1 and K2 having a substantially same value (K1 = K2). The method further comprises revising K1 and/or K2 according to predetermined CM-server validation criteria. Additionally or alternatively, K1 and/or K2 are revised periodically, optionally weekly.
The method comprises generating the first cookie and encrypting the first cookie using K1. In some embodiments, the method comprises storing the first cookie. The method further comprises encrypting the second cookie using K2.
BRIEF DESCRIPTION OF THE DRAWINGS
These and additional features and advantages of the invention will become more clearly understood in the light of the following description of preferred embodiments thereof given by way of example only, with reference to the attached drawings, wherein -
Fig. 1 is a schematic illustration of a system for communicating over a client-server network using SIP;
Fig. 2 is a schematic flow chart of a method of communicating, in the system shown in Fig. 1, between the CM and the server using SIP;
Figs. 3A and 3B are schematic flow charts illustrating a method of VoIP communication between a CM and a call terminator through a client-server network using SIP; and
Figs. 4A and 4B represent a step-by-step flow-chart of a cookies validation process according to some embodiments of the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
Figure 1 schematically illustrates an exemplary system 100 for communicating over a client-server network 102. System 100 comprises a server 101 and a plurality of client-machines (CMs), a CM comprising any device adapted to communicate with the server through network 102, and optionally adapted to communicate directly and/or indirectly with one or more CMs, or other devices, through the network. A CM may comprise, for example, a laptop computer 103, a personal digital assistant (PDA) 104, a personal computer (PC) 105, a mobile phone 106, and/or a VoIP telephone 107. Other examples of a CM, which are not shown, may include, but are not limited to, a private branch exchange (PBX), a smart phone, a mainframe computer, or any other computing device adapted to communicate over network 102. In some embodiments, system 100 may comprise any number of CMs, for example 1, 2, 10, 15, 200, 1000, 10000, or more CMs. Optionally, system 100 may comprise one or more servers 101 for handling large processing loads, for example 2, 5, 10, 100 or more servers. Additionally or alternatively, a CM may act as server 101 for some applications, or may act as both a CM and server for other applications.
Network 102 comprises an IP network adapted to transfer data using the TCP/IP suite, and may include the Internet, or any other packet-switching network adapted to carry information over the network in packets. Network 102 may be further adapted to allow VoIP communication. In some embodiments, communication over network 102 comprises the use of SIP as a signaling protocol.
In system 100, each CM, for example CM 103 - 107, is additionally adapted to generate a request (invite) for authentication message which is sent to server 101 whenever the CM wishes to initiate communication with the server and connect to network 102. The request message may be an HTTP (hypertext transfer protocol) message, a SIP message, a SOAP (Simple Object Access Protocol) message, or any other type of message suitable to request CM authentication from server 101 and to connect to network 102, or any combination thereof (including tunneled messages, wherein one message type or protocol is embedded within another).
Each CM, for example CM 103 - 107, is further adapted to receive an encrypted first SIP cookie from server 101 and to decrypt the first SIP cookie using a key K1. Responsive to receiving the first SIP cookie, the CM is further adapted to transmit to server 101 a second SIP cookie encrypted using a second key K2. The second SIP cookie is functionally related to the first SIP cookie such that, when a comparison is made between them, the result of the comparison conforms to a predetermined criterion. In some embodiments of the invention, the first cookie and the second cookie may be substantially identical. In some embodiments of the invention, the second SIP cookie may be the same first SIP cookie received from server 101 following decryption. Optionally, the first cookie and the second cookie may be substantially different. Optionally, the second SIP cookie is generated by the CM. Optionally, the second SIP cookie is generated by a cookie generator external to the CM and sent to the CM for encryption. Additionally or alternatively, the second SIP cookie is encrypted by an encryption application program external to the CM.
In system 100, server 101 is adapted to generate a first SIP cookie responsive to receiving a request message from the CM, and to store (save) the first SIP cookie in a memory. Optionally, the first SIP cookie is generated by a cookie generator external to server 101, for example a second server (not shown), and is sent to the server. In some embodiments, the memory may be a resident memory in server 101. Optionally, the memory may be external to server 101, for example, in a second CM, or in a second server, or in an external memory storage device connected to network 102, or in other computing device or devices adapted to store data and which may be accessed by server 101 through the network.
Server 101 is further adapted to encrypt the first cookie using the key K1 and to transmit the encrypted first cookie to the CM. Optionally, the first cookie is encrypted by an encryption application program external to server 101, for example in a second server. Server 101 is additionally adapted to receive the encrypted second cookie from the CM, decrypt the second cookie using the key K2, and compare the second cookie with the saved first cookie. If the result of the comparison of the first cookie and the second cookie conforms to a predetermined criterion, for example, the cookies are substantially identical, the CM is authenticated and server 101 authorizes connection of the CM to network 102. The CM may then communicate through network 102 and transmit/receive information from other CMs and servers, and other devices, which may be connected to the network. If the first cookie and the second cookie do not conform to the predetermined criterion, for example, the cookies are substantially different, the CM is not authenticated and may not connect to network 102.
The request message sent from the CM to server 101 may include a validation stamp, based on predetermined CM-server validation criteria, the validation stamp serving to correlate the key K1 used by the server to encrypt the first cookie and the key K1 used by the CM to decrypt the first cookie (same key). The validation stamp also serves to correlate the key K2 used by the CM to encrypt the second cookie with the key K2 used by server 101 to decrypt the second cookie. For example, the validation stamp may be a time stamp which is revised periodically, say weekly, such that the CM and server 101 will use a same set of keys K1 and K2 associated with the particular week designated in the time stamp. In some embodiments, the validation stamp may be revised daily, bi-weekly, monthly, or according to any predetermined time period. In some embodiments, the CM-server predetermined validation criteria may be based on a frequency of requests sent by the CM, for example, every 100 requests, or every 1000 requests. Optionally, the validation criteria may be based on a number of encryptions performed, for example, every 250 encryptions or every 2500 encryptions. Additionally or alternatively, the validation criteria may be any criteria suitable to allow the keys K1 and K2 to be varied a number of times necessary to substantially minimize a risk of a fraudster obtaining the keys.
An encryption method for the first cookie and the second cookie may be based on a symmetric-key cryptographic algorithm. For example, the algorithm may be that described by the Data Encryption Standard (DES) with K1 and K2 as keys and a revision number as an initiation vector. For example, server 101 uses DES and encrypts the first cookie with key K1, which has a value determined by eight characters, and with an eight-character initiation vector associated with a revision number of the key K1 (if the revision number is less than eight characters, "0" characters may be padded from the left). The CM then decrypts the encrypted first cookie in the following manner: K1^revision^encrypted first cookie (key, initiation vector, ciphertext). In a similar manner, the CM encrypts the second cookie using DES with key K2, which also has a value determined by eight characters, and with an eight-character initiation vector associated with the revision number of the key K2 (if the revision number is less than eight characters, "0" characters may be padded from the left). Server 101 then decrypts the encrypted second cookie in the following manner: K2^revision^encrypted second cookie. Generally, a set of keys K1 and K2 have different values, although in some embodiments, they may have a same value. In some embodiments, the symmetric-key algorithm may be according to the Advanced Encryption Standard (AES). In some embodiments, the cryptographic method may comprise an asymmetric-key algorithm. Optionally, the method may comprise a hybrid-key algorithm based on a combination of a symmetric-key algorithm and an asymmetric-key algorithm.
In some embodiments, any set of encoding and decoding keys, intended to be used by the CM, are encrypted up to the level which renders the discovery thereof, such as by reverse-engineering their codes, impossible. Alternatively, there can be used secret formulas utilized by the respective parties only, that will dynamically create new sets of encryption and decryption keys based on variable combination of, e.g., the client's ID , IP number, or any other proprietary information shared by or disclosed to the parties only.
In some embodiments, network 102 may comprise a wired network, which may be any type of network physically connecting one or more CMs to one another and/or to one or more servers 101, as shown for example by wired connection 108 from network 102 to PC 105. Examples of such a network may be local area networks (LAN), or a circuit-switched network such as the public switched telephone network (PSTN).
In some embodiments, network 102 may comprise any wireless network, as shown for example by wireless connection 109 to laptop 103 and PDA 104. An example of such network may be a wireless local area network (WLAN) which may comprise a wireless network, or any combination of wireless networks, generally conforming to IEEE Standards 802.11 (Wireless LAN - Wi-Fi). Optionally, the WLAN may conform to IEEE Standards 802.15 (Wireless PAN - WPAN), 802.16 (Broadband Wireless Access - WiMAX), 802.20 (Mobile Broadband Wireless Access - MBWA), and/or 802.22 (Wireless Regional Area Network - WRAN), or any combination thereof. Network 102 may optionally be adapted for communication according to 3GPP (3rd Generation Partnership Project) and/or 3GPP2 (3rd Generation Partnership Project 2) specifications for mobile phones. Optionally, network 102 may be adapted for communication through satellite.
In some embodiments, network 102 may comprise any combination of networks including IP and/or other packet-switched networks, and circuit-switched networks (for example, the PSTN). Optionally, network 102 may be configured in any combination of wired and wireless networks.
Fig. 2 is a schematic flow chart illustrating a method of communication in system 100 (Fig. 1) between the CM and server 101 over client-server network 102 using SIP. The method illustrated and described below is not intended to be limiting in any form or manner, and it should be evident to a person skilled in the art that variations are possible in the implementation of the method.
Step 200: The CM, for example CM 103 - 107, wishing to connect to network 102, sends a request for initiation of authentication message to server 101. The request includes a validation stamp according to the predetermined CM-server validation criteria, which may comprise, for example, a time stamp with a week number (and optionally year) when the request is generated. The request additionally includes CM IP address, and may include, in some embodiments, additional information such as CM data used to stiffen the coupling between the request for authentication and the CM's IP address.
Step 201: Server 101 receives the request from the CM and checks the CM's IP address, time stamp (week time stamp), and optional CM data, so as to validate that the CM is authorized to connect to network 102.
Step 202: If the request is OK, continue to Step 203 (CM is authorized to continue the authentication process). If the request is not OK, go to Step 212 (CM is not authorized to continue the authentication process; for example, unrecognized IP address, incorrect week time stamp, and/or incompatibility between CM data and IP address).
Step 203: Server 101 generates a first SIP cookie. In some embodiments, the first SIP cookie may be generated externally of Server 101, for example, by a cookie generator in a second server.
Step 204: Server 101 saves the first SIP cookie in a resident memory in the server. In some embodiments, the first SIP cookie may be stored in an externally located memory such as for example, in a second server, a second CM, or an external data storage device not physically connected to server 101 (connected through network 102).
Step 205: Server 101 encrypts the first SIP cookie using key K1, the key selected according to the week time stamp received from the CM.
Server 101 and the CM each maintain a database with, for example, 156 sets of shared keys K1 and K2, each set of keys associated with a specific week in a specific year. The databases may be resident in the CM and in server 101, respectively, or may optionally be stored, for example, in one or more separate external storage devices which may be accessed by the CM and/or the server, or any combination thereof.
Step 206: Server 101 sends the encrypted first SIP cookie to the CM, and includes the week time stamp received from the CM in the message.
Step 207: The CM receives the encrypted first SIP cookie from server 101, together with the week time stamp. Based on the week time stamp received, the CM selects from the database a set of keys K1 and K2 corresponding to the week (and optionally year) of the week time stamp. The CM decrypts the encrypted first SIP cookie using key K1.
Step 208: The CM encrypts a second SIP cookie which is functionally related to the first SIP cookie (and which may be the first SIP cookie or a new cookie generated by the CM or by an external cookie generator), using the second key K2 selected from the database.
Step 209: The CM sends the encrypted second SIP cookie to server 101.
Step 210: Server 101 receives the encrypted second SIP cookie and decrypts the cookie using the second key K2 from the set of keys K1 and K2 selected from the database (according to the week time stamp of the request, and used to encrypt the first SIP cookie).
Step 211: Server 101 compares the second SIP cookie with the saved first SIP cookie. If the result of the comparison of the first and second SIP cookies conforms to a predetermined criterion, for example they are substantially identical, go to Step 213. If the result of the comparison of the first and second SIP cookies does not conform to the predetermined criterion, for example they are substantially different, continue to Step 212.
Step 212: Server 101 reports an error to CM. Go to Step 200.
Step 213: Server 101 authenticates identity of CM and sends an acknowledgement to the CM. Server 101 authorizes connection of the CM to network 102, and the CM is able to communicate over the network with other servers, CMs, and/or other devices. For example, the CM may connect with another CM, or another device, through network 102 using RTP (real-time transport protocol) for VoIP communications.
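The Fig. 2 exchange (Steps 200 to 213), with the DES keying described for Figure 1 (eight-character K1 and K2, zero-padded revision number as initiation vector, week-indexed key table), as an added example in Go; this is not code from the patent or from Jajah. It assumes CBC mode, a 16-byte cookie of whole DES blocks (so no padding), constructed key values, and the Go standard library's crypto/des; the constant-time comparison and the single-use saved cookie are additions the description does not spell out.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"strings"
)

// keyPair is one shared (K1, K2) set; server and CM hold a table of them indexed by
// (year, week), as in the week-keyed database of Step 205. Key values are constructed.
type keyPair struct{ K1, K2 []byte }

var keyTable = map[[2]int]keyPair{
	{2009, 13}: {K1: []byte("wk13-k1!"), K2: []byte("wk13-k2!")},
	{2009, 14}: {K1: []byte("wk14-k1!"), K2: []byte("wk14-k2!")},
}

// authRequest is what Step 200 sends: CM identity, week time stamp and key revision.
type authRequest struct {
	cmID       string
	year, week int
	revision   string // at most eight characters
}

// keysFor selects the week's key set and builds the 8-byte initiation vector by
// zero-padding the revision number from the left, as the description specifies.
func keysFor(req authRequest) (keyPair, []byte, error) {
	kp, ok := keyTable[[2]int{req.year, req.week}]
	pad := des.BlockSize - len(req.revision)
	if !ok || pad < 0 {
		return kp, nil, errors.New("step 202: unknown week stamp or oversized revision")
	}
	return kp, []byte(strings.Repeat("0", pad) + req.revision), nil
}

// desCBC encrypts (encrypt=true) or decrypts a whole-block cookie under an 8-byte DES key
// and the revision IV. The page fixes DES, K1/K2 and the IV; CBC mode is an assumption.
func desCBC(key, iv, in []byte, encrypt bool) ([]byte, error) {
	block, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(in) == 0 || len(in)%des.BlockSize != 0 {
		return nil, errors.New("cookie is not a whole number of blocks")
	}
	mode := cipher.NewCBCDecrypter(block, iv)
	if encrypt {
		mode = cipher.NewCBCEncrypter(block, iv)
	}
	out := make([]byte, len(in))
	mode.CryptBlocks(out, in)
	return out, nil
}

// sipServer keeps the saved first cookie per CM (Step 204).
type sipServer struct{ saved map[string][]byte }

// issueChallenge covers Steps 201-206: generate and save the first cookie, return it under K1.
func (s *sipServer) issueChallenge(req authRequest) ([]byte, error) {
	kp, iv, err := keysFor(req)
	if err != nil {
		return nil, err
	}
	cookie := make([]byte, 2*des.BlockSize) // 16 random bytes: whole blocks, no padding needed
	if _, err := rand.Read(cookie); err != nil {
		return nil, err
	}
	s.saved[req.cmID] = cookie
	return desCBC(kp.K1, iv, cookie, true)
}

// cmRespond covers Steps 207-209: decrypt with the week's K1, return the cookie under K2.
func cmRespond(req authRequest, encryptedFirst []byte) ([]byte, error) {
	kp, iv, err := keysFor(req)
	if err != nil {
		return nil, err
	}
	cookie, err := desCBC(kp.K1, iv, encryptedFirst, false)
	if err != nil {
		return nil, err
	}
	return desCBC(kp.K2, iv, cookie, true)
}

// verify covers Steps 210-213: decrypt with K2 and compare with the saved cookie in constant
// time. The saved cookie is consumed on every attempt, so an altered or relayed reply that
// was not built with this week's K1/K2 fails (Step 212) and cannot be retried against it.
func (s *sipServer) verify(req authRequest, encryptedSecond []byte) bool {
	saved, ok := s.saved[req.cmID]
	delete(s.saved, req.cmID)
	kp, iv, err := keysFor(req)
	if !ok || err != nil {
		return false
	}
	second, err := desCBC(kp.K2, iv, encryptedSecond, false)
	return err == nil && subtle.ConstantTimeCompare(saved, second) == 1
}
```

A relay that sits between the CM and server without the week's key set can only forward bytes unchanged; anything it alters or fabricates decrypts to a value that does not match the saved cookie.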
Figs. 3A and 3B are schematic flow charts illustrating an exemplary method of VoIP communication between a call initiator (a device for initiating a call) and a call terminator (a device for receiving a call), including the use of SIP for substantially preventing MTM attacks in an IP network. For exemplary purposes, the method is described with reference to a VoIP technology known as Jajah. Jajah® is generally regarded as a technology for communicating between telephones (such as landline telephones and mobile phones) by combining VoIP over an IP network with communication through the PSTN and/or a cellular network (for mobile phones). In a typical mode of operation, a Jajah user using a CM such as, for example, a PC, connects to a Jajah server through the IP network. The CM sends a request for authentication which may include a telephone number of the call initiator and a destination telephone number of the call terminator, a CM IP address, and may include other user information such as, for example, a user name and a user password. In mobile phone applications, an appropriate Jajah application program may be downloaded by the user to the mobile device, enabling the device to serve as the CM and to connect to the Jajah server through the cellular network. Upon server validation of user information, the Jajah server acknowledges the request for authentication and connects the call initiator with the call terminator through the IP network and the PSTN, and/or the cellular network. Once connected, the Jajah server additionally manages and controls the communication between the call initiator and the call terminator. The method for Jajah communication using SIP to substantially prevent MTM attacks, as illustrated in the figures and described below, is not intended to be limiting in any form or manner, and it should be evident to a person skilled in the art that variations are possible in the implementation of the method.
Step 300: A user placing a telephone call to the call terminator accesses the Jajah server through a web browser in the CM (PC or mobile phone), and inputs the telephone number of the call initiator and the call terminator into a Jajah application program (AP). Additional user information may be input such as user name, password, and the like.
Step 301: The CM sends a request for authentication message to a SIP server in the IP network. The request message may be the same as or substantially similar to that sent by the CM in Step 200 (Fig. 2). In some embodiments, the CM data may include the user information from Step 300. In some embodiments, the SIP server and the Jajah server may be the same.
Step 302: The SIP server receives the request message and checks the validity of the message. SIP server check of validity may be the same or substantially similar to that in Step 201 (Fig. 2). If the request is not OK (invalid) go to Step 308.
Step 303: SIP server authenticates identity of CM. Process of authentication is the same or substantially similar to that shown in Steps 203 through 211 and Step 213 (Fig. 2). If the CM is not authenticated go to Step 308.
Step 304: SIP server sends acknowledgment of CM authentication and authorization to the Jajah server. Jajah server authenticates user information input in Step 300, including the destination number of the call terminator. If the user information is not authenticated, go to Step 308.
Step 305: Jajah server is adapted to manage the account of the user and to connect the call terminator with the call initiator, for example, using RTP. Jajah server validates account balance of the call initiator prior to connecting the call initiator to the call terminator. If the account balance is inadequate, go to Step 308.
Step 306: Jajah server dials up the telephone number of the call initiator, and connects to the call initiator through the IP network, and the PSTN and/or the cellular network. If there is an error in the connection, go to Step 308.
Step 307: Once the call initiator responds and the call is to be connected, the Jajah server dials up the telephone number of the call terminator, and connects the call terminator through the IP network, and the PSTN and/or cellular network. Go to Step 309. If there is an error in the connection, go to Step 308.
Step 308: Error report is generated to the call initiator, or optionally the CM. Go to Step 301.
Step 309: Call initiator and call terminator engage in conversation.
Step 310: Upon concluding the conversation the user hangs up, disconnecting the call initiator.
Step 311: CM sends a request for termination (BYE) message to the SIP server in the IP network. The authentication information comprised in the BYE message may be the same or substantially similar to that in Step 301.
Step 312: SIP server receives the BYE message and checks the validity of the message. SIP server check of validity may be the same or substantially similar to that in Step 302. If the BYE request is not OK (invalid) go to Step 308.
Step 313: SIP server authenticates identity of CM. Process of authentication is the same or substantially similar to that in Step 303. If the CM is not authenticated go to step 308.
Step 314: SIP server sends acknowledgment of CM authentication and an authorization to the Jajah server to end the call (call End message). If there is an error in the connection, go to Step 308.
Step 315: Jajah server closes the call to the call terminator. If there is an error in the connection, go to Step 308.
Step 316: The call terminator closes the call. If there is an error in the connection, go to Step 308.
Step 317: Jajah server updates the calling records and account balance of the user and, optionally, of the call initiator.
Step 318: Jajah calling process is terminated.
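The server-side handling of Steps 304 through 317, as an added Python example that is not code from the patent or from Jajah. It assumes an E.164 format check for the destination number, a flat per-minute tariff for the balance check, an injected `dial` callable standing in for the PSTN/cellular legs, and that the BYE of Step 311 carries the same authenticated CM identity as the INVITE, so only the session owner can end the call. Every error branch lands in one place, as Step 308 does.

```python
import re
from dataclasses import dataclass, field
from enum import Enum, auto

# Assumed sanity check on dialled numbers: ITU-T E.164 international format,
# '+' followed by 7 to 15 digits with no leading zero.
E164 = re.compile(r"^\+[1-9]\d{6,14}$")


class State(Enum):
    NEW = auto()
    INITIATOR_UP = auto()    # Step 306 succeeded
    CONNECTED = auto()       # Step 307 succeeded, conversation in progress
    ENDED = auto()           # Steps 315-317 done
    ERROR = auto()           # Step 308


@dataclass
class Account:
    balance_cents: int
    records: list = field(default_factory=list)   # (initiator, terminator, minutes, charge)


@dataclass
class CallSession:
    cm_id: str              # identity the SIP server authenticated in Step 303 / 313
    initiator: str
    terminator: str
    state: State = State.NEW
    started: float = 0.0
    error: str = ""


class JajahServer:
    RATE_CENTS_PER_MIN = 5   # assumed flat tariff used for the balance check

    def __init__(self, accounts, dial):
        self.accounts = accounts    # cm_id -> Account
        self.dial = dial            # dial(number) -> bool; stands in for the PSTN/cellular leg
        self.sessions = {}          # cm_id -> CallSession

    def _fail(self, s, why):
        """Step 308: record the error report for the call initiator."""
        s.state, s.error = State.ERROR, why
        return s

    def on_invite_authorized(self, cm_id, initiator, terminator, now):
        """Steps 304-307. Called only after the SIP server has acknowledged
        the CM's authentication (Step 304), so cm_id is already trusted."""
        s = CallSession(cm_id, initiator, terminator)
        self.sessions[cm_id] = s
        acct = self.accounts.get(cm_id)
        if acct is None or not (E164.match(initiator) and E164.match(terminator)):
            return self._fail(s, "user information not authenticated")   # Step 304
        if acct.balance_cents < self.RATE_CENTS_PER_MIN:
            return self._fail(s, "insufficient balance")                 # Step 305
        if not self.dial(initiator):
            return self._fail(s, "initiator leg failed")                 # Step 306
        s.state = State.INITIATOR_UP
        if not self.dial(terminator):
            return self._fail(s, "terminator leg failed")                # Step 307
        s.state, s.started = State.CONNECTED, now
        return s

    def on_bye_authorized(self, cm_id, now):
        """Steps 314-317. The BYE carries the same authentication as the
        INVITE (Step 311), so only the CM that owns the session may end it."""
        s = self.sessions.get(cm_id)
        if s is None or s.state is not State.CONNECTED:
            return None
        minutes = max(1, -(-int(now - s.started) // 60))   # billed per started minute
        acct = self.accounts[cm_id]
        charge = min(acct.balance_cents, minutes * self.RATE_CENTS_PER_MIN)
        acct.balance_cents -= charge
        acct.records.append((s.initiator, s.terminator, minutes, charge))
        s.state = State.ENDED
        return s
```

The point worth keeping from this model is that the Jajah server never re-authenticates anything itself: it trusts the CM identity the SIP server attached in Steps 304 and 314, and keys every session and every BYE on that identity, so a BYE from a different authenticated CM cannot tear down someone else's call.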
In some embodiments, a set of at least two keys, K1 and K2, is exchanged between the CM and the server, while a formula available to both parties directs each of them when to use a specific pair of keys in order to encrypt and decrypt one or more cookies exchanged between them. Fig. 4 schematically illustrates a step-by-step flow-chart of an exemplary cookie validation process according to some embodiments of the present invention. The process uses a different pair of keys for each week of the year, each pair being valid only during its week. However, any other preset, time-based or other validation criterion may be employed. Each key comprises a number which is used, in any known conventional way, to convert meaningful text into a string of meaningless characters.
Referring to Figs. 4A and 4B, when a user wishes to initiate a phone call for the first time from his CM, he will normally enter a phone number and send it to the server by pressing the "call" button [stage (10)]. Along with the phone number, the CM sends other data to the server which is crucial for the authentication process (as detailed later), such as the current week number, the software revision number (rev. #), the client's IP address, or the client's unique identification code (CL ID). Upon receiving the information, the server generates a cookie using a formula known to the CM and stores it in a database (11). The cookie is then encrypted using a key K1 (12). K1 is one of a pair of matching keys determined at the setup time of the system; in the present example the pair is selected according to the week number of the current year. Hence, the server generates a variant of the encrypted cookie combined with the week number and sends it to the CM (13).
Upon receipt of the modified cookie, the CM looks up the appropriate pair of keys in the table, as shown in stage (14). The CM then decrypts the cookie with K1 (15), encrypts it with K2 (16), and sends the encrypted cookie back to the server, combined with the week number (17).
The received encrypted cookie is decrypted at the server side using K2 (18) and is validated against the data stored in the database (19). The server then activates the cookie (20) and sends an acknowledgement signal to the CM (21).
Throughout the whole process, and especially at the validation stage (19), errors may be detected, such as failed authentication, a wrong destination phone number, lack of credit, etc. In such a case (22), a wrong-authentication signal is generated by the server and transmitted to the CM, and the call request is denied (23).
While certain errors are bona-fide mistakes, others may be deliberate attempts to gain unauthorized access. For this reason, and as a precaution, the server will allow only a preset number of call initiation attempts, e.g. 5, after which it will reject any call initiation request for a preset period of time, say 10 minutes. This concludes the initial verification and cookie setup process. The stages of completing the call (establishing the connection with the called party, hanging up) follow the conventional fashion.
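The cookie exchange of stages (10) through (23), together with the attempt limit, as an added Python example that is not part of the patent or of Jajah's software. Both sides are shown. The cipher is a stand-in (XOR with an HMAC-SHA256 keystream) for the unspecified "conventional" cipher; the cookie formula (a hash of the client-supplied fields plus a fresh server nonce), the random per-week key table, and counting failed attempts per client ID are assumptions made for the demo.

```python
import hashlib
import hmac
import secrets


def make_key_table(weeks=range(1, 54)):
    """Shared (K1, K2) table, one pair per week number. Random for the demo;
    the description has the table fixed at system setup time (assumption)."""
    return {w: (secrets.token_bytes(16), secrets.token_bytes(16)) for w in weeks}


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for the unspecified 'conventional' cipher: XOR with an
    HMAC-SHA256 keystream in counter mode, so encrypt and decrypt are the
    same call. Deterministic and unauthenticated: it shows the protocol
    shape only and is not production cryptography."""
    out = bytearray()
    for ctr, off in enumerate(range(0, len(data), 32)):
        block = hmac.new(key, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


class Server:
    MAX_ATTEMPTS = 5         # "a preset number of call initiation attempts, e.g. 5"
    LOCKOUT_SECONDS = 600    # "a preset period of time, say 10 minutes"

    def __init__(self, key_table):
        self.key_table = key_table
        self.pending = {}        # cl_id -> (cookie, week), stage (11)
        self.active = set()      # cl_ids whose cookie was activated, stage (20)
        self.failures = {}       # cl_id -> failed validations since last lockout
        self.locked_until = {}   # cl_id -> unix time until which requests are refused

    def challenge(self, cl_id, rev, ip, week, now):
        """Stages (10)-(13): generate and store the cookie, encrypt it with
        K1 and return (ciphertext, week); None while the client is locked out."""
        if now < self.locked_until.get(cl_id, 0) or week not in self.key_table:
            return None
        # "Formula known to the CM" (assumed here): hash of the client-supplied
        # fields plus a fresh server nonce, so every challenge differs.
        nonce = secrets.token_bytes(16)
        cookie = hashlib.sha256(f"{cl_id}|{rev}|{ip}|{week}|".encode() + nonce).digest()
        self.pending[cl_id] = (cookie, week)
        k1, _ = self.key_table[week]
        return toy_cipher(k1, cookie), week

    def validate(self, cl_id, enc_cookie, week, now):
        """Stages (18)-(23): decrypt with K2, compare with the stored cookie,
        activate on match; count failures and lock out after MAX_ATTEMPTS."""
        if now < self.locked_until.get(cl_id, 0):
            return False
        stored = self.pending.get(cl_id)
        ok = False
        if stored is not None and stored[1] == week:
            _, k2 = self.key_table[week]
            ok = hmac.compare_digest(toy_cipher(k2, enc_cookie), stored[0])
        if ok:
            self.active.add(cl_id)
            self.failures[cl_id] = 0
            del self.pending[cl_id]     # one-shot: the same cookie cannot be replayed
            return True
        self.failures[cl_id] = self.failures.get(cl_id, 0) + 1
        if self.failures[cl_id] >= self.MAX_ATTEMPTS:
            self.locked_until[cl_id] = now + self.LOCKOUT_SECONDS
            self.failures[cl_id] = 0
        return False


class ClientMachine:
    def __init__(self, cl_id, key_table, rev="1.0", ip="192.0.2.10"):
        self.cl_id, self.key_table, self.rev, self.ip = cl_id, key_table, rev, ip

    def answer(self, enc_cookie, week):
        """Stages (14)-(17): look up the pair for the week, decrypt with K1,
        re-encrypt with K2 and return (ciphertext, week)."""
        k1, k2 = self.key_table[week]
        return toy_cipher(k2, toy_cipher(k1, enc_cookie)), week


def place_call(server, cm, week, now):
    """One call-initiation round trip; True if the server activated the cookie."""
    chal = server.challenge(cm.cl_id, cm.rev, cm.ip, week, now)
    if chal is None:
        return False
    return server.validate(cm.cl_id, *cm.answer(*chal), now)
```

What the round trip proves is that the CM holds both keys for the stated week: the server never trusts the returned bytes directly, it decrypts them with K2 and compares against the cookie it stored at stage (11). Two details that the description leaves to the implementer are made explicit here: the stored cookie is consumed on success so the same reply cannot be presented twice, and a reply tagged with a week other than the one the challenge was issued for fails validation even from a legitimate CM. Since both keys are shared secrets, an authenticated keyed MAC over the cookie would give the same proof of possession without relying on an invertible cipher.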
Those skilled in the art to which this invention pertains will readily appreciate that numerous changes, variations and modifications can be effectuated without departing from the true spirit and scope of the invention as defined in and by the appended claims.

Claims

WHAT IS CLAIMED:
1. A system for communicating over a network using a Session Initiation Protocol (SIP), the system comprising: a server adapted to transmit a first cookie encrypted using a first key K1, receive and decrypt a second cookie using a second key K2, and compare the first cookie with the second cookie; and a client machine (CM) adapted to receive and decrypt the first cookie using the first key K1, and transmit the second cookie encrypted using the second key K2.
2. The system of claim 1 wherein the network is the Internet.
3. The system of claim 1 wherein the network is a packet-switched network.
4. The system of claim 1 wherein communicating over the network comprises Voice over Internet Protocol (VoIP).
5. The system of claim 1 wherein the server is further adapted to transmit the first cookie responsive to receiving from the CM a request for authentication message.
6. The system of claim 1 wherein the server is further adapted to authorize connection of the CM to the network when a result of the comparison of the first cookie and the second cookie conforms to a predetermined criterion.
7. The system of claim 6 wherein the predetermined criterion is the first cookie and the second cookie being substantially identical.
8. The system of claim 6 wherein the predetermined criterion is the first cookie and the second cookie being substantially different.
9. The system of claim 1 wherein K1 and K2 have substantially different values (K1 ≠ K2).
10. The system of claim 1 wherein K1 and K2 have a substantially same value (K1 = K2).
11. The system of claim 1 wherein K1 and/or K2 are revised according to a predetermined CM-server validation criteria.
12. The system of claim 1 wherein K1 and/or K2 are revised periodically.
13. The system of claim 12 wherein periodically is weekly.
14. The system of claim 1 wherein the server is further adapted to generate the first cookie.
15. The system of claim 1 wherein the server is further adapted to encrypt the first cookie using K1.
16. The system of claim 1 wherein the server is further adapted to store the first cookie.
17. The system of claim 1 wherein the CM is adapted to encrypt the second cookie using K2.
18. A method for communicating over a network using a Session Initiation Protocol (SIP), the method comprising: transmitting a first cookie encrypted using a first key K1 from a server to a client machine (CM); decrypting the first cookie at the CM using K1 and transmitting a second cookie encrypted using a second key K2; and receiving the second cookie at the server and decrypting the cookie using K2, and comparing the first cookie with the second cookie.
19. The method of claim 18 further comprising communicating over the Internet.
20. The method of claim 18 further comprising communicating over a packet-switched network.
21. The method of claim 18 further comprising communicating over the network including Voice over Internet Protocol (VoIP).
22. The method of claim 18 further comprising transmitting the first cookie responsive to receiving a request for authentication message.
23. The method of claim 18 further comprising authorizing connection of the CM to the network when a result of the comparison of the first cookie and the second cookie conforms to a predetermined criterion.
24. The method of claim 23 wherein the predetermined criterion is the first cookie and the second cookie being substantially identical.
25. The method of claim 23 wherein the predetermined criterion is the first cookie and the second cookie being substantially different.
26. The method of claim 18 further comprising K1 and K2 having substantially different values (K1 ≠ K2).
27. The method of claim 18 further comprising K1 and K2 having a substantially same value (K1 = K2).
28. The method of claim 18 further comprising revising K1 and/or K2 according to a predetermined CM-server validation criteria.
29. The method of claim 18 further comprising revising K1 and/or K2 periodically.
30. The method of claim 29 wherein periodically is weekly.
31. The method of claim 18 further comprising generating the first cookie.
32. The method of claim 18 further comprising encrypting the first cookie using K1.
33. The method of claim 18 further comprising storing the first cookie.
34. The method of claim 18 further comprising encrypting the second cookie using K2.
PCT/IL2009/000327 2008-03-27 2009-03-24 System and method for communicating over a network WO2009118730A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP09725838A EP2272230A1 (en) 2008-03-27 2009-03-24 System and method for communicating over a network

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US6479608P 2008-03-27 2008-03-27
US61/064,796 2008-03-27

Publications (2)

Publication Number Publication Date
WO2009118730A1 true WO2009118730A1 (en) 2009-10-01
WO2009118730A4 WO2009118730A4 (en) 2009-12-03

Family

ID=40834307

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IL2009/000327 WO2009118730A1 (en) 2008-03-27 2009-03-24 System and method for communicating over a network

Country Status (2)

Country Link
EP (1) EP2272230A1 (en)
WO (1) WO2009118730A1 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080240433A1 (en) * 2007-01-22 2008-10-02 Samsung Electronics Co., Ltd. Lightweight secure authentication channel

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
CHIA-CHEN CHANG, YUNG-FENG LU, AI-CHUN PANG, TEI-WEI KUO: "Design and Implementation of SIP Security", INFORMATION NETWORKING, vol. 3391/2005, 28 January 2005 (2005-01-28), pages 669 - 778, XP002537249, ISSN: 1611-3349, ISBN: 978-3-540-24467-7, Retrieved from the Internet <URL:http://www.springerlink.com/content/6nc48pw0b5ntr69q/fulltext.pdf> [retrieved on 20090715] *
MENEZES ET AL: "Handbook of Applied Cryptography", 19970101, 1 January 1997 (1997-01-01), XP002533981 *

Also Published As

Publication number Publication date
WO2009118730A4 (en) 2009-12-03
EP2272230A1 (en) 2011-01-12

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09725838

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2009725838

Country of ref document: EP