US9755825B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9755825-B2 |
| Application number | US-96121907-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 20, 2007 |
| Priority date | Dec 21, 2006 |
| Publication date | Sep 5, 2017 |
| Grant date | Sep 5, 2017 |
Official abstract text for this publication.
A method and system for providing secure access to a device that initiates communications using a peer-to-peer signaling protocol, such as SIP or H.323. In a device registration phase, the device contacts a secure access server and authenticates to it by providing an identification, such as its factory ID. The secure access server then issues a device ID and private key to the authenticated device. A client can then initiate a further communication session and be authenticated by the secure access server. The secure access server returns the device identification and the device's public key to the client. The client and device can then perform a symmetric key exchange for their current communication session and communicate with appropriate encryption. The device's private key can be set to expire after one or more uses.
Opening claim text (preview).
What is claimed is:

1. A method of authenticating and establishing a secure communication channel between devices in a Session Initiation Protocol (SIP) network, comprising: registering a SIP device to a secure access server in a first SIP session, the first SIP session established between the secure access server and the SIP device, the SIP device being a first endpoint in a SIP media session, the secure access server configured to: authenticate the SIP device, generate a first asymmetric key pair comprising a first private key and a first complementary public key, the first asymmetric key pair being uniquely associated with the SIP device, encrypt the first private key, and transmit the first private key to the SIP device; processing a request from a SIP client to securely access the SIP device and establishing a second SIP session between the secure access server and the SIP client, the SIP client being a second endpoint in the SIP media session, the secure access server configured to, as part of processing the request or establishing the second SIP session: authenticate the SIP client, retrieve the first complementary public key uniquely associated with the SIP device and generated prior to receiving the request from the SIP client to securely access the SIP device, and transmit the first complementary public key to the SIP client; and wherein first private key and the first complementary public key are made available to the SIP device and the SIP client, respectively, before the SIP client requests secure access to the SIP device in the second SIP session; the method further comprising: accessing the SIP device by the SIP client in the SIP media session, the SIP media session established between the SIP client and the SIP device, wherein: the SIP client is configured to: generate a symmetric key, asymmetrically encrypt the symmetric key using the first complementary public key previously registered to be uniquely associated with the SIP device, and transmit the encrypted symmetric key to the SIP device, the SIP device is configured to asymmetrically decrypt the encrypted symmetric key using the first private key previously registered to be uniquely associated with the SIP device, and the SIP client and the SIP device establish the secure communication channel by using the symmetric key for subsequent secure peer-to-peer communication between the SIP device and the SIP client during the SIP media session; prior to a subsequent request from the SIP client to securely access the SIP device in a further SIP session, providing the SIP device with a second private key in a fourth SIP session, the fourth SIP session established between the secure access server and the SIP device, the secure access server configured to: authenticate the SIP device, receive a request from the SIP device for the second private key in response to expiry of the first private key, generate a second asymmetric key pair comprising the second private key and a second complementary public key, the second asymmetric key pair being uniquely associated with the SIP device, encrypt the second private key, and transmit the second private key to the SIP device; wherein providing the SIP device with the second private key in the fourth SIP session makes the second private key and the second complementary public key available to the SIP device and the SIP client, respectively, before the SIP client requests secure access to the SIP device in the further SIP session.

2. The method of claim 1, wherein the symmetric key is an Advanced Encryption Standard (AES) key and the secure communication channel is an AES tunnel.

3. A system for authenticating and providing secure communication between devices initiating communication over a Session Initiation Protocol (SIP) network, comprising: a SIP client in communication with a SIP device, the SIP device and the SIP client being, respectively, first and second endpoints in a SIP media session, the SIP client requesting secure access to the SIP device; and a secure access server in communication with both the SIP client and the SIP device, the secure access server configured to: register the SIP device to the secure access server in a first SIP session, the first SIP session established between the secure access server and the SIP device, wherein registration comprises: authenticating the SIP device, generating a first asymmetric key pair comprising a first private key and a first complementary public key, the first asymmetric key pair being uniquely associated with the SIP device, encrypting the first private key, and transmitting the first private key to the SIP device; process the request from the SIP client to securely access the SIP device and establish a second SIP session between the secure access server and the SIP client, wherein processing comprises, as part of processing the request or establishing the second SIP session: authenticating the SIP client, retrieving the first complementary public key uniquely associated with the SIP device and generated prior to receiving the request from the SIP client to securely access the SIP device, and transmitting the first complementary public key to the SIP client; and wherein the first private key and the first complementary public key are made available to the SIP device and the SIP client, respectively, before the SIP client requests secure access to the SIP device in the second SIP session, and wherein the SIP client accesses the SIP device in the SIP media session, the SIP media session established between the SIP client and the SIP device, wherein: the SIP client is configured to: generate a symmetric key, asymmetrically encrypt the symmetric key using the first complementary public key previously registered to be uniquely associated with the SIP device, and transmit the encrypted symmetric key to the SIP device, the SIP device is configured to asymmetrically decrypt the encrypted symmetric key using the first private key previously registered to be uniquely associated with the SIP device, and the SIP client and the SIP device establish the secure communication channel by using the symmetric key for subsequent secure peer-to-peer communication between the SIP device and the SIP client during the SIP media session; and wherein the secure access server is further configured to, prior to a subsequent request from the SIP client to securely access the SIP device in a further SIP session, provide the SIP device with a second private key in a fourth SIP session, the fourth SIP session established between the secure access server and the SIP device, and the providing comprises: authenticating the SIP device, receiving a request from the SIP device for the second private key in response to expiry of the first private key, generating a second asymmetric key pair comprising the second private key and a second complementary public key, the second asymmetric key pair being uniquely associated with the SIP device, encrypting the second private key, and transmitting the second private key to the SIP device; wherein providing the SIP device with the second private key in the fourth SIP session makes the second private key and the second complementary public key available to the SIP device and the SIP client, respectively, before the SIP client requests secure access to the SIP device in the further SIP session.

4. The system of claim 3, wherein the symmetric key is an Advanced Encryption Standard (AES) key and the secure communication channel is an AES tunnel.

5. The system of claim 3, wherein the secure access server is encompassed within an authentication system.

6. The system of claim 5, wherein the authentication system is encompassed within an authentication, authorization and accou
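The registration, public-key distribution and per-session key exchange of the abstract and claim 1, as an added Go example that is not code from the patent or from any product: a `Server` map stands in for the secure access server, `Device` for the SIP device, and SIP signalling, transport and the authentication of device and client are assumed to have taken place out of band. The two-use expiry of the private key is a constructed value chosen to exercise the re-keying path of claim 1.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Server is the secure access server: the trusted party holding each registered device's current public key.
type Server map[string]*rsa.PublicKey

// Device is the SIP device; its server-issued private key expires after maxUses unwraps, as the abstract allows.
type Device struct{ id string; priv *rsa.PrivateKey; uses, maxUses int }

// Register models the first (and, after expiry, the fourth) SIP session; device authentication is assumed done.
func (s Server) Register(d *Device) error {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err
	}
	s[d.id], d.priv, d.uses = &priv.PublicKey, priv, 0 // server keeps the public half, issues the private half
	return nil
}

// Unwrap is the device side: recover the client's symmetric key, or refuse once the private key is used up.
func (d *Device) Unwrap(wrapped []byte) ([]byte, error) {
	if d.priv == nil || d.uses >= d.maxUses {
		return nil, errors.New("private key expired: device must request a new key from the server")
	}
	d.uses++
	return rsa.DecryptOAEP(sha256.New(), nil, d.priv, wrapped, []byte(d.id))
}

// Session models the second SIP session plus the media-session key exchange: the client takes the device's public
// key from the server (never from the device), wraps a fresh AES-256 key under it with RSA-OAEP, the device unwraps it.
func Session(s Server, d *Device) (clientKey, deviceKey []byte, err error) {
	pub, ok := s[d.id]
	if !ok {
		return nil, nil, errors.New("device not registered with the secure access server")
	}
	clientKey = make([]byte, 32)
	if _, err = rand.Read(clientKey); err != nil {
		return nil, nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, clientKey, []byte(d.id))
	if err != nil {
		return nil, nil, err
	}
	deviceKey, err = d.Unwrap(wrapped) // both keys are returned so the caller can confirm the peers agree
	return clientKey, deviceKey, err
}
```

Once the device's key has expired, a client still holding the old public key cannot complete a session until the device has re-registered and the client has fetched the replacement public key from the server, which is the ordering claim 1 requires.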
CPC classifications:

- with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
- for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement, H04L9/0838)
- for key distribution, e.g. centrally by trusted party (cryptographic mechanisms or cryptographic arrangements for key distribution involving a central third party, H04L9/0819)
- wherein the sending and receiving network entities apply hybrid encryption, i.e. a combination of symmetric and asymmetric encryption (cryptographic mechanisms or cryptographic arrangements using a plurality of keys or algorithms, H04L9/14)
- wherein the sending and receiving network entities apply symmetric encryption, i.e. the same key is used for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for symmetric key encryption, H04L9/06)