Sending Secure Media Streams
    1.
    发明申请
    Sending Secure Media Streams 有权
    发送安全媒体流

    公开(公告)号:US20110093609A1

    公开(公告)日:2011-04-21

    申请号:US12999178

    申请日:2009-02-20

    IPC分类号: G06F15/16

    摘要: A method and apparatus for sending a first secured media stream having a payload via an intermediate node. The intermediate node receives from a sender the first secured media stream. An end-to-end context identifier and a hop-by-hop context identifier are determined for the first secured media stream, where the hop-by-hop context identifier relates to the intermediate node and the end-to-end identifier relates to the sender. A second secured media stream is generated, which includes at least the payload of the first secured media stream and the context identifiers to identify the first secured media stream. The second secured media stream is sent to a receiving node, and the context identifiers are also sent to the receiving node. The context identifiers are usable by the receiving node to recover the first secured media stream.

    摘要翻译: 一种用于经由中间节点发送具有有效载荷的第一安全媒体流的方法和装置。 中间节点从发送器接收第一安全媒体流。 针对第一安全媒体流确定端到端上下文标识符和逐跳上下文标识符,其中逐跳上下文标识符与中间节点相关,并且端到端标识符与 发件人。 生成第二安全媒体流,其包括至少第一安全媒体流的有效载荷和上下文标识符以识别第一安全媒体流。 第二安全媒体流被发送到接收节点,并且上下文标识符也被发送到接收节点。 上下文标识符可由接收节点使用以恢复第一安全媒体流。

    IP Multimedia Security
    2.
    发明申请
    IP Multimedia Security 有权
    IP多媒体安全

    公开(公告)号:US20120198527A1

    公开(公告)日:2012-08-02

    申请号:US13254013

    申请日:2009-03-04

    IPC分类号: G06F21/20

    摘要: A method of establishing keys for at least partially securing media plane data exchanged between first and second end users via respective first and second media plane network nodes. The method comprises sending session set-up signalling from said first end point towards said second end point, said session set-up signalling including a session key generated by said first end point. The set-up signalling is intercepted at a first signalling plane network node and a determination made as to whether or not a signalling plane key has already been established for securing the signalling plane between said first end point and said first signalling plane network node. If a signalling plane key has already been established, then a media plane key is derived from that signalling plane key, and the media plane key sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. If a signalling plane key has not already been established, then an alternative media plane key is derived from said session key and sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node.

    摘要翻译: 一种建立用于经由相应的第一和第二媒体平面网络节点至少部分地保护在第一和第二终端用户之间交换的媒体平面数据的密钥的方法。 该方法包括从所述第一端点向所述第二端点发送会话建立信令,所述会话建立信令包括由所述第一端点产生的会话密钥。 建立信令在第一信令平面网络节点被拦截,并且确定信令平面密钥是否已被建立用于在所述第一终端和所述第一信令平面网络节点之间保护信令平面。 如果已经建立了信令平面密钥,则从该信令平面密钥导出媒体平面密钥,并且将媒体平面密钥发送到所述第一媒体平面网络节点,以将介质平面固定在所述第一终端用户和所述第一媒体之间 平面网络节点。 如果还没有建立信令平面密钥,则从所述会话密钥导出替代媒体平面密钥,并将其发送到所述第一媒体平面网络节点,以便在所述第一终端用户和所述第一媒体平面网络节点之间保护媒体平面。

    IP multimedia security
    3.
    发明授权
    IP multimedia security 有权
    IP多媒体安全

    公开(公告)号:US08539564B2

    公开(公告)日:2013-09-17

    申请号:US13254013

    申请日:2009-03-04

    IPC分类号: G06F7/04

    摘要: A method of establishing keys for at least partially securing media plane data exchanged between first and second end users via respective first and second media plane network nodes. The method comprises sending session set-up signalling from said first end point towards said second end point, said session set-up signalling including a session key generated by said first end point. The set-up signalling is intercepted at a first signalling plane network node and a determination made as to whether or not a signalling plane key has already been established for securing the signalling plane between said first end point and said first signalling plane network node. If a signalling plane key has already been established, then a media plane key is derived from that signalling plane key, and the media plane key sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node. If a signalling plane key has not already been established, then an alternative media plane key is derived from said session key and sent to said first media plane network node for securing the media plane between said first end user and said first media plane network node.

    摘要翻译: 一种建立用于经由相应的第一和第二媒体平面网络节点至少部分地保护在第一和第二终端用户之间交换的媒体平面数据的密钥的方法。 该方法包括从所述第一端点向所述第二端点发送会话建立信令,所述会话建立信令包括由所述第一端点产生的会话密钥。 建立信令在第一信令平面网络节点被拦截,并且确定信令平面密钥是否已被建立用于在所述第一终端和所述第一信令平面网络节点之间保护信令平面。 如果已经建立了信令平面密钥,则从该信令平面密钥导出媒体平面密钥,并且将媒体平面密钥发送到所述第一媒体平面网络节点,以将介质平面固定在所述第一终端用户和所述第一媒体之间 平面网络节点。 如果还没有建立信令平面密钥,则从所述会话密钥导出替代媒体平面密钥,并将其发送到所述第一媒体平面网络节点,以便在所述第一终端用户和所述第一媒体平面网络节点之间保护媒体平面。

    KEY MANAGEMENT FOR SECURE COMMUNICATION
    4.
    发明申请
    KEY MANAGEMENT FOR SECURE COMMUNICATION 有权
    安全通信的关键管理

    公开(公告)号:US20100268937A1

    公开(公告)日:2010-10-21

    申请号:US12744986

    申请日:2007-11-30

    IPC分类号: H04L9/32 H04L29/06 H04L9/08

    摘要: A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.

    摘要翻译: 公开了一种用于管理用于通信网络中的第一和第二用户设备之间的安全通信的会话密钥的方法和装置。 该方法的特征在于独立于每个用户设备为安全操作实现什么类型的凭证。 第一用户从第一密钥管理服务器接收密钥信息和凭证并生成第一会话密钥。 该凭证被转发到至少一个响应用户设备,在来自与第一密钥管理服务器通信的第二密钥管理服务器的支持下,解决凭证并确定第二会话密钥。 此后,第一和第二会话密钥用于安全通信。 在一个实施例中,通信遍及中间体,由此第一和第二会话密钥保护与相应的腿到中间的通信。

    Sending secure media streams
    5.
    发明授权
    Sending secure media streams 有权
    发送安全媒体流

    公开(公告)号:US08966105B2

    公开(公告)日:2015-02-24

    申请号:US12999178

    申请日:2009-02-20

    IPC分类号: G06F15/16 H04L29/06

    摘要: A method and apparatus for sending a first secured media stream having a payload via an intermediate node. The intermediate node receives from a sender the first secured media stream. An end-to-end context identifier and a hop-by-hop context identifier are determined for the first secured media stream, where the hop-by-hop context identifier relates to the intermediate node and the end-to-end identifier relates to the sender. A second secured media stream is generated, which includes at least the payload of the first secured media stream and the context identifiers to identify the first secured media stream. The second secured media stream is sent to a receiving node, and the context identifiers are also sent to the receiving node. The context identifiers are usable by the receiving node to recover the first secured media stream.

    摘要翻译: 一种用于经由中间节点发送具有有效载荷的第一安全媒体流的方法和装置。 中间节点从发送器接收第一安全媒体流。 针对第一安全媒体流确定端到端上下文标识符和逐跳上下文标识符,其中逐跳上下文标识符与中间节点相关,并且端到端标识符与 发件人。 生成第二安全媒体流,其包括至少第一安全媒体流的有效载荷和上下文标识符以识别第一安全媒体流。 第二安全媒体流被发送到接收节点,并且上下文标识符也被发送到接收节点。 上下文标识符可由接收节点使用以恢复第一安全媒体流。

    Key management for secure communication
    6.
    发明授权
    Key management for secure communication 有权
    安全通信的密钥管理

    公开(公告)号:US09178696B2

    公开(公告)日:2015-11-03

    申请号:US12744986

    申请日:2007-11-30

    IPC分类号: H04L9/08 H04L29/06

    摘要: A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.

    摘要翻译: 公开了一种用于管理用于通信网络中的第一和第二用户设备之间的安全通信的会话密钥的方法和装置。 该方法的特征在于独立于每个用户设备为安全操作实现什么类型的凭证。 第一用户从第一密钥管理服务器接收密钥信息和凭证并生成第一会话密钥。 该凭证被转发到至少一个响应用户设备,在来自与第一密钥管理服务器通信的第二密钥管理服务器的支持下,解决凭证并确定第二会话密钥。 此后,第一和第二会话密钥用于安全通信。 在一个实施例中,通信遍及中间体,由此第一和第二会话密钥保护与相应的腿到中间的通信。

    Sending media data via an intermediate node
    7.
    发明授权
    Sending media data via an intermediate node 有权
    通过中间节点发送媒体数据

    公开(公告)号:US08645680B2

    公开(公告)日:2014-02-04

    申请号:US12997913

    申请日:2009-05-06

    IPC分类号: H04L29/06

    摘要: A method and apparatus for sending protected media data from a data source node to a client node via an intermediate node. The data source node establishes a first hop-by-hop key to be shared with the intermediate node and an end-to-end key to be shared with the client node. A single security protocol instance is configured and used to trans-protocol form data from a media stream into transformed data using the keys. The transformed data is then sent to the intermediate node. The intermediate node uses the first hop-by-hop key to apply a security processing to the transformed data, and establishes a second hop-by-hop key with the client node. A second transformation is performed on the transformed data using the second hop-by-hop key to produce further transformed media data, which is then sent to the client node. At the client node a single security protocol instance is configured with the second hop-by-hop key and the end-to-end key, which are used to apply further security processing to the transformed media data.

    摘要翻译: 一种用于经由中间节点将受保护媒体数据从数据源节点发送到客户端节点的方法和装置。 数据源节点建立与中间节点共享的第一个逐跳密钥和要与客户机节点共享的端对端密钥。 单个安全协议实例被配置并用于使用密钥将媒体流中的数据转换为变换数据。 然后将变换的数据发送到中间节点。 中间节点使用第一个逐跳密钥对转换的数据应用安全处理,并与客户端节点建立第二个逐跳密钥。 使用第二逐跳密钥对经变换的数据执行第二变换以产生进一步转换的媒体数据,然后将其转发到客户端节点。 在客户端节点,单个安全协议实例配置有第二个逐跳密钥和端对端密钥,用于对转换的媒体数据应用进一步的安全处理。

    SENDING MEDIA DATA VIA AN INTERMEDIATE NODE
    8.
    发明申请
    SENDING MEDIA DATA VIA AN INTERMEDIATE NODE 有权
    发送媒体数据通过中间节点

    公开(公告)号:US20110093698A1

    公开(公告)日:2011-04-21

    申请号:US12997913

    申请日:2009-05-06

    IPC分类号: H04L9/12

    摘要: A method and apparatus for sending protected media data from a data source node to a client node via an intermediate node. The data source node establishes a first hop-by-hop key to be shared with the intermediate node and an end-to-end key to be shared with the client node. A single security protocol instance is configured and used to trans-protocol form data from a media stream into transformed data using the keys. The transformed data is then sent to the intermediate node. The intermediate node uses the first hop-by-hop key to apply a security processing to the transformed data, and establishes a second hop-by-hop key with the client node. A second transformation is performed on the transformed data using the second hop-by-hop key to produce further transformed media data, which is then sent to the client node. At the client node a single security protocol instance is configured with the second hop-by-hop key and the end-to-end key, which are used to apply further security processing to the transformed media data.

    摘要翻译: 一种用于经由中间节点将受保护媒体数据从数据源节点发送到客户端节点的方法和装置。 数据源节点建立与中间节点共享的第一个逐跳密钥和要与客户机节点共享的端对端密钥。 单个安全协议实例被配置并用于使用密钥将媒体流中的数据转换为变换数据。 然后将变换的数据发送到中间节点。 中间节点使用第一个逐跳密钥对转换的数据应用安全处理,并与客户端节点建立第二个逐跳密钥。 使用第二逐跳密钥对经变换的数据执行第二变换以产生进一步转换的媒体数据,然后将其转发到客户端节点。 在客户端节点,单个安全协议实例配置有第二个逐跳密钥和端对端密钥,用于对转换的媒体数据应用进一步的安全处理。

    Method and Apparatuses for End-to-Edge Media Protection in ANIMS System
    9.
    发明申请
    Method and Apparatuses for End-to-Edge Media Protection in ANIMS System 有权
    ANIMS系统中端到端媒体保护的方法与设备

    公开(公告)号:US20130268681A1

    公开(公告)日:2013-10-10

    申请号:US13800129

    申请日:2013-03-13

    IPC分类号: H04W76/02

    摘要: An IMS system includes an IMS initiator user entity. The system includes an IMS responder user entity that is called by the initiator user entity. The system includes a calling side S-CSCF in communication with the caller entity which receives an INVITE having a first protection offer and parameters for key establishment from the caller entity, removes the first protection offer from the INVITE and forwards the INVITE without the first protection offer. The system includes a receiving end S-CSCF in communication with the responder user entity and the calling side S-CSCF which receives the INVITE without the first protection offer and checks that the responder user entity supports the protection, inserts a second protection offer into the INVITE and forwards the INVITE to the responder user entity, wherein the responder user entity accepts the INVITE including the second protection offer and answers with an acknowledgment having a first protection accept. A method for supporting a call by a telecommunications node.

    摘要翻译: IMS系统包括IMS发起者用户实体。 该系统包括由发起者用户实体调用的IMS应答器用户实体。 该系统包括与主叫实体进行通信的主叫侧S-CSCF,其从呼叫方实体接收具有第一保护报价的INVITE和用于密钥建立的参数,从INVITE中移除第一保护报价并转发INVITE而没有第一保护 提供。 该系统包括与响应者用户实体通信的接收端S-CSCF,以及在没有第一保护提供的情况下接收INVITE的主叫侧S-CSCF,并检查响应者用户实体是否支持保护,将第二保护请求插入到 INVITE并将INVITE转发到响应者用户实体,其中响应者用户实体接受包括第二保护请求的INVITE和具有第一保护接受的确认的应答。 一种用于支持电信节点的呼叫的方法。

    Method and apparatuses for end-to-edge media protection in an IMS system

    公开(公告)号:US08429737B2

    公开(公告)日:2013-04-23

    申请号:US12744720

    申请日:2008-12-01

    IPC分类号: H04L29/06 G06F15/16

    摘要: An IMS system includes an IMS initiator user entity. The system includes an IMS responder user entity that is called by the initiator user entity. The system includes a calling side S-CSCF in communication with the caller entity which receives an INVITE having a first protection offer and parameters for key establishment from the caller entity, removes the first protection offer from the INVITE and forwards the INVITE without the first protection offer. The system includes a receiving end S-CSCF in communication with the responder user entity and the calling side S-CSCF which receives the INVITE without the first protection offer and checks that the responder user entity supports the protection, inserts a second protection offer into the INVITE and forwards the INVITE to the responder user entity, wherein the responder user entity accepts the INVITE including the second protection offer and answers with an acknowledgment having a first protection accept. A method for supporting a call by a telecommunications node.