Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular node for directing data and applying cryptography
Reexamination Certificate
1999-07-27
2004-06-29
Wright, Norman M. (Department: 2134)
C713S170000, C713S152000, C370S270000
active
06757823
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates generally to providing enhanced security for Internet telephony calls and more particularly to providing a secure connection for Voice Over IP (VoIP) calls using the H.323 protocol.
BACKGROUND OF THE INVENTION
The Internet explosion has spawned new means of data, voice, and video communication, and Internet Protocol (IP) telephony is a fast-developing field of telecommunications. The Internet, however, is faced with two significant obstacles to fast, secure communications. The first obstacle is usable bandwidth. Bandwidth affects the rate at which data can be transferred. The second obstacle pertains to security. The Internet is not a direct point-to-point connection between computers. Rather, it is a network to which computers (or other devices) can connect for the purpose of communicating with one another. As such, there is increased opportunity for eavesdropping on data, voice, or video transmissions over the Internet. One method of enhancing the security of Internet-based communications is to encrypt the data being transmitted before sending it out over the network and to decrypt the data once it is received by the far end device.
The present invention addresses security issues with respect to Voice Over IP (VoIP) telephone calls. Currently, a call signaling channel is secured by using Transport Layer Security (TLS), Secure Sockets Layer (SSL), or the IP Security Protocol (IPSec) on a secure well-known port. These approaches, however, suffer from delays in call setup time, complex handshaking procedures, and significant protocol overhead. Moreover, current H.323 VoIP implementations do not prevent signaling information from being viewed by unscrupulous computer hackers on the IP network used for VoIP calls. For instance, when a SETUP message is sent over the IP network using H.323, the calling name and calling number are visible to sniffers or other such tools used on the Internet. What is needed is a method that increases security, simplifies VoIP handshaking procedures, and reduces call setup time without adding significant protocol overhead.
SUMMARY OF THE INVENTION
The present invention calls for an originating H.323 gateway to send a Secure Registration Request (SRR) message to a far end H.323 gateway prior to sending the SETUP message. An SRR message includes information requesting a secure connection as well as other parameters such as, for instance, a sender's digital certificate and an encryption algorithm. The far end H.323 gateway can either accept the SRR via a Secure Connection Confirm (SCF) message or reject the SRR via a Secure Connection Reject (SCR) message. Once an SCF message is returned, all further communication between the H.323 gateways is encrypted using a public key and encryption method specified in the SRR message. The advantages of the present invention include simplicity of use and lower call setup time than TLS, SSL, or IPSec.
A first embodiment of the invention is a method of providing secure signaling connections for packet data network telephony calls. A secure registration request message containing an encryption technique and public key is sent from an originating gateway over a packet data network to a terminating gateway. The terminating gateway returns a secure confirmation message containing a digital certificate over the packet data network to the originating gateway. Once registered, further communication between the gateways is encrypted over the packet data network using the public key and encryption technique specified in the secure registration request message.
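The message ordering described in the summary, modeled as an added example (not code from the patent or its assignee): both gateways fail closed, so a SETUP carrying the calling name and number is never sent or accepted before an SCF. The class names, field names, the `ACCEPTED` reply, the algorithm label, and the `encrypted` flag (a stand-in for the real cipher) are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Message:
    kind: str                      # "SRR", "SCF", "SCR", "SETUP" (names from the summary)
    fields: dict = field(default_factory=dict)
    encrypted: bool = False        # stand-in flag; no real cipher is applied here

class TerminatingGateway:
    def __init__(self, supported_algorithms):
        self.supported = set(supported_algorithms)
        self.session = None        # (algorithm, public_key) after an accepted SRR

    def receive(self, msg):
        if msg.kind == "SRR":
            alg, key = msg.fields.get("algorithm"), msg.fields.get("public_key")
            if alg in self.supported and key:
                self.session = (alg, key)
                return Message("SCF", {"certificate": "CONSTRUCTED-CERT"})
            return Message("SCR", {"reason": "unsupported algorithm or missing key"})
        # Fail closed: signaling without a confirmed SRR, or in cleartext, is refused.
        if self.session is None or not msg.encrypted:
            return Message("SCR", {"reason": "secure connection required"})
        return Message("ACCEPTED", encrypted=True)   # hypothetical reply name

class OriginatingGateway:
    def __init__(self, algorithm, public_key):
        self.algorithm, self.public_key = algorithm, public_key
        self.secure = False

    def register(self, peer):
        srr = Message("SRR", {"algorithm": self.algorithm,
                              "public_key": self.public_key})
        reply = peer.receive(srr)
        self.secure = reply.kind == "SCF"   # an SCR leaves the session unsecured
        return reply

    def send_setup(self, peer, calling_name, calling_number):
        # Calling name and number never leave the gateway before an SCF arrives.
        if not self.secure:
            raise PermissionError("SETUP withheld: no SCF received")
        setup = Message("SETUP", {"calling_name": calling_name,
                                  "calling_number": calling_number}, encrypted=True)
        return peer.receive(setup)
```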
Other aspects and features of the present invention will become apparent to those ordinarily skilled in the art upon review of the following description of specific embodiments of the invention in conjunction with the accompanying figures.
Oxendine Kenneth W.
Rao Sanjay H.
Nortel Networks Limited
Withrow & Terranova , PLLC
Wright Norman M.